Mailinglist Archive: opensuse-factory (175 mails)
| < Previous | Next > |
Re: [opensuse-factory] syslog-ng apparmor question
- From: Marcus Meissner <meissner@xxxxxxx>
- Date: Wed, 29 Sep 2010 08:35:36 +0200
- Message-id: <20100929063536.GA22643@xxxxxxx>
On Wed, Sep 29, 2010 at 08:22:43AM +0200, Peter Czanik wrote:
Run on a console (as root)
logprof
and follow the text dialog to adjust the profiles.
Ciao, Marcs
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
Hello,
I'm trying to package syslog-ng 3.2-git, and ran into some troubles.
V3.2 has an interesting new feature, called SCL (system configuration
library), which tries to ease syslog-ng configuration. This works nicely
when apparmor is disabled.
SCL uses a script to generate part of the configuration. So, when
system(); is used in syslog-ng.conf, it actually calls a script, which
generates the missing parts based on the OS. In case of Linux, it's:
linux-6y8u:~ #
/usr/share/syslog-ng/include/scl/system/generate-system-source.sh
unix-dgram("/dev/log");
file("/proc/kmsg" program-override("kernel") flags(kernel));
When apparmor is enabled, this script is not run, instead I see
"permission denied" in the strace output.
Question: how should I modify /etc/apparmor.d/sbin.syslog-ng to be able
to run external scripts and/or applications. This is not only a problem
for SCL, but syslog-ng can use these both as log source and destination.
Once a solution is know, I'd put some comments in sbin.syslog-ng, so
users could extend the AppArmor ruleset easily instead of disabling it...
Run on a console (as root)
logprof
and follow the text dialog to adjust the profiles.
Ciao, Marcs
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |