Activity log for bug #1766600

Date Who What changed Old value New value Message
2018-04-24 13:19:17 Jamie Strandboge bug added bug
2018-04-24 13:19:40 Jamie Strandboge description With the new bionic upload, when the apparmor profile is enabled, rsyslog fails to start due to: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/rsyslogd" name="/usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so" pid=19949 comm="rsyslogd" requested_mask="m" denied_mask="m" fsuid=0 ouid=0 The profile has this rule: /usr/lib{,32,64}/rsyslog/*.so mr, but the new upload puts modules in /usr/lib/x86_64-linux-gnu/rsyslog so this rule should be adjusted to: /usr/lib{,32,64}/{,@multiarch/}rsyslog/*.so mr, With the new bionic upload, when the apparmor profile is enabled, rsyslog fails to start (and cause upgrade issues) due to: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/rsyslogd" name="/usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so" pid=19949 comm="rsyslogd" requested_mask="m" denied_mask="m" fsuid=0 ouid=0 The profile has this rule:   /usr/lib{,32,64}/rsyslog/*.so mr, but the new upload puts modules in /usr/lib/x86_64-linux-gnu/rsyslog so this rule should be adjusted to:   /usr/lib{,32,64}/{,@multiarch/}rsyslog/*.so mr,
2018-04-24 13:27:20 Jamie Strandboge description With the new bionic upload, when the apparmor profile is enabled, rsyslog fails to start (and cause upgrade issues) due to: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/rsyslogd" name="/usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so" pid=19949 comm="rsyslogd" requested_mask="m" denied_mask="m" fsuid=0 ouid=0 The profile has this rule:   /usr/lib{,32,64}/rsyslog/*.so mr, but the new upload puts modules in /usr/lib/x86_64-linux-gnu/rsyslog so this rule should be adjusted to:   /usr/lib{,32,64}/{,@multiarch/}rsyslog/*.so mr, With the new bionic upload, when the apparmor profile is enabled, rsyslog fails to start (and cause upgrade issues) due to: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/rsyslogd" name="/usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so" pid=19949 comm="rsyslogd" requested_mask="m" denied_mask="m" fsuid=0 ouid=0 The profile has this rule:   /usr/lib{,32,64}/rsyslog/*.so mr, but the new upload puts modules in /usr/lib/x86_64-linux-gnu/rsyslog so this rule should be adjusted to:   /usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr, Fixing that reveals this denial: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/rsyslogd" name="/run/rsyslogd.pid.tmp" pid=2741 comm="rsyslogd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 So we need to adjust this: /{,var/}run/rsyslogd.pid rwk, to be: /{,var/}run/rsyslogd.pid{,.tmp} rwk,
2018-04-24 13:27:37 Jamie Strandboge summary [bionic] apparmor denial for rsyslog modules in multiarch directory [bionic] apparmor denial for rsyslog modules in multiarch directory and pidfile
2018-04-24 13:40:50 Jamie Strandboge description With the new bionic upload, when the apparmor profile is enabled, rsyslog fails to start (and cause upgrade issues) due to: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/rsyslogd" name="/usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so" pid=19949 comm="rsyslogd" requested_mask="m" denied_mask="m" fsuid=0 ouid=0 The profile has this rule:   /usr/lib{,32,64}/rsyslog/*.so mr, but the new upload puts modules in /usr/lib/x86_64-linux-gnu/rsyslog so this rule should be adjusted to:   /usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr, Fixing that reveals this denial: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/rsyslogd" name="/run/rsyslogd.pid.tmp" pid=2741 comm="rsyslogd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 So we need to adjust this: /{,var/}run/rsyslogd.pid rwk, to be: /{,var/}run/rsyslogd.pid{,.tmp} rwk, With the new bionic upload, when the apparmor profile is enabled, rsyslog fails to start (and causes upgrade issues) due to: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/rsyslogd" name="/usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so" pid=19949 comm="rsyslogd" requested_mask="m" denied_mask="m" fsuid=0 ouid=0 The profile has this rule:   /usr/lib{,32,64}/rsyslog/*.so mr, but the new upload puts modules in /usr/lib/x86_64-linux-gnu/rsyslog so this rule should be adjusted to:   /usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr, Fixing that reveals this denial: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/rsyslogd" name="/run/rsyslogd.pid.tmp" pid=2741 comm="rsyslogd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 So we need to adjust this:   /{,var/}run/rsyslogd.pid rwk, to be:   /{,var/}run/rsyslogd.pid{,.tmp} rwk,
2018-04-24 13:40:56 Jamie Strandboge tags apparmor
2018-04-24 15:45:02 Jamie Strandboge rsyslog (Ubuntu): status In Progress Fix Committed
2018-04-24 17:38:28 Launchpad Janitor rsyslog (Ubuntu): status Fix Committed Fix Released