2023-03-03 21:21:40 |
Georgia Garcia |
description |
The AppArmor profile for rsyslog, which had been disabled on previous Ubuntu versions, was enabled in lunar.
The package google-compute-engine added a config file to rsyslog which requires rw access to /dev/console
google:ubuntu-23.04-64 /root# cat /etc/rsyslog.d/90-google.conf
# Google Compute Engine default console logging.
#
# daemon: logging from Google provided daemons.
# kern: logging information in case of an unexpected crash during boot.
#
daemon,kern.* /dev/console
google:ubuntu-23.04-64 /root# apt-file search /etc/rsyslog.d/90-google.conf
google-compute-engine: /etc/rsyslog.d/90-google.conf
So in gce cloud images, we are getting the following denials:
[ 1500.302082] audit: type=1400 audit(1677876883.728:495): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/dev/console" pid=603 comm=72733A6D61696E20513A526567 requested_mask="ac" denied_mask="ac" fsuid=101 ouid=0
To fix it, we just need to add
/dev/console rw,
to /etc/apparmor.d/usr.sbin.rsyslogd |
The AppArmor profile for rsyslog, which had been disabled on previous Ubuntu versions, was enabled in lunar.
The package google-compute-engine added a config file to rsyslog which requires rw access to /dev/console
google:ubuntu-23.04-64 /root# cat /etc/rsyslog.d/90-google.conf
# Google Compute Engine default console logging.
#
# daemon: logging from Google provided daemons.
# kern: logging information in case of an unexpected crash during boot.
#
daemon,kern.* /dev/console
google:ubuntu-23.04-64 /root# apt-file search /etc/rsyslog.d/90-google.conf
google-compute-engine: /etc/rsyslog.d/90-google.conf
So in gce cloud images, we are getting the following denials:
[ 1500.302082] audit: type=1400 audit(1677876883.728:495): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/dev/console" pid=603 comm=72733A6D61696E20513A526567 requested_mask="ac" denied_mask="ac" fsuid=101 ouid=0
To fix it, we just need to add
/dev/console rw,
to /etc/apparmor.d/usr.sbin.rsyslogd
or the same permission should be added to a file in /etc/apparmor.d/rsyslog.d/ by the google-compute-engine package |
|