[Bug 220331] New: syslog-ng cannot log news messages
https://bugzilla.novell.com/show_bug.cgi?id=220331

Summary: syslog-ng cannot log news messages
Product: openSUSE 10.2
Version: Beta 2
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: AppArmor
AssignedTo: dreynolds@novell.com
ReportedBy: seife@novell.com
QAContact: dreynolds@novell.com
OtherBugsDependingOnThis: 215208

root@strolchi:/var/log# grep syslog.*news messages
Nov 10 17:34:43 strolchi syslog-ng[2707]: Cannot open file /var/log/news/news.notice for writing (Permission denied)
Nov 12 23:47:02 strolchi syslog-ng[2707]: Cannot open file /var/log/news/news.err for writing (Permission denied)
Nov 13 08:07:17 strolchi syslog-ng[13635]: Cannot open file /var/log/news/news.notice for writing (No such file or directory)

root@strolchi:/var/log# grep news audit/audit.log
type=APPARMOR msg=audit(1163176483.060:15): REJECTING w access to /var/log/news/news.notice (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163176483.060:16): REJECTING attribute (uid,ctime,) change to /var/log/news/news.notice (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163176483.060:17): REJECTING attribute (gid,ctime,) change to /var/log/news/news.notice (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163176483.060:18): REJECTING attribute (mode,ctime,) change to /var/log/news/news.notice (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163371622.680:19): REJECTING w access to /var/log/news/news.err (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163371622.680:20): REJECTING attribute (uid,ctime,) change to /var/log/news/news.err (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163371622.680:21): REJECTING attribute (gid,ctime,) change to /var/log/news/news.err (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163371622.680:22): REJECTING attribute (mode,ctime,) change to /var/log/news/news.err (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163401637.356:31): REJECTING w access to /var/log/news/news.notice (syslog-ng(13635) profile /sbin/syslog-ng active /sbin/syslog-ng)

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=220331

dreynolds@novell.com changed:

What       |Removed               |Added
----------------------------------------------------------------------------
AssignedTo |dreynolds@novell.com  |seth.arnold@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=220331

------- Comment #1 from suse-beta@cboltz.de 2006-11-18 16:31 MST -------

sbin.syslog-ng profile:

    /var/log/* w,

should be

    /var/log/** w,

(sbin.syslogd profile has this already)

https://bugzilla.novell.com/show_bug.cgi?id=220331

seth.arnold@novell.com changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Status     |NEW      |RESOLVED
Resolution |         |FIXED

------- Comment #2 from seth.arnold@novell.com 2006-11-21 15:39 MST -------

Accepted into autobuild, tarball apparmor-profiles-2.0.1-260.tar.gz

Thanks!

https://bugzilla.novell.com/show_bug.cgi?id=220331

seife@novell.com changed:

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |FIXED     |

------- Comment #3 from seife@novell.com 2006-11-24 05:18 MST -------

Something gets logged:

root@strolchi:~# l /var/log/news/
total 8
drwxr-x--- 2 news news 1024 14. Nov 15:57 ./
drwxr-xr-x 9 root root 5120 23. Nov 22:29 ../
-rw-r----- 1 news news 0 21. Nov 15:31 news.crit
-rw-r----- 1 news news 0 21. Nov 15:31 news.err
-rw-r----- 1 news news 1387 24. Nov 13:14 news.notice

but still:

root@strolchi:~# grep news /var/log/audit/audit.log |tail
type=APPARMOR msg=audit(1163176483.060:18): REJECTING attribute (mode,ctime,) change to /var/log/news/news.notice (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163371622.680:19): REJECTING w access to /var/log/news/news.err (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163371622.680:20): REJECTING attribute (uid,ctime,) change to /var/log/news/news.err (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163371622.680:21): REJECTING attribute (gid,ctime,) change to /var/log/news/news.err (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163371622.680:22): REJECTING attribute (mode,ctime,) change to /var/log/news/news.err (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163401637.356:31): REJECTING w access to /var/log/news/news.notice (syslog-ng(13635) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163707139.121:26): REJECTING w access to /var/log/news/news.notice (syslog-ng(2972) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163707139.121:27): REJECTING attribute (uid,ctime,) change to /var/log/news/news.notice (syslog-ng(2972) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163707139.125:28): REJECTING attribute (gid,ctime,) change to /var/log/news/news.notice (syslog-ng(2972) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163707139.125:29): REJECTING attribute (mode,ctime,) change to /var/log/news/news.notice (syslog-ng(2972) profile /sbin/syslog-ng active /sbin/syslog-ng)

root@strolchi:~# l /var/log/audit/audit.log
-rw-r----- 1 root root 44133 24. Nov 13:12 /var/log/audit/audit.log

This is RC1, I updated from the previous version.

root@strolchi:~# rpm -q apparmor-profiles
apparmor-profiles-2.0.1-11
root@strolchi:~# rpm -q --changelog apparmor-profiles|head -4
* Di Nov 21 2006 - srarnold@suse.de
- Bug 220331 - syslog-ng cannot log news messages - /var/log/** to mirror the old syslog profile

https://bugzilla.novell.com/show_bug.cgi?id=220331

------- Comment #4 from seife@novell.com 2006-11-24 05:21 MST -------

Oops. 1163707139 is 2006-11-17. Sorry.

But I still have recent rejects in syslog:

root@strolchi:~# date +%s
1164370827
root@strolchi:~# tail /var/log/audit/audit.log
type=APPARMOR msg=audit(1164212309.877:15): REJECTING access to capability 'fowner' (syslog-ng(2699) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=DAEMON_END msg=audit(1164317198.885:9736) auditd normal halt, sending auid=0 pid=20241 subj= res=success, auditd pid=2967
type=DAEMON_START msg=audit(1164317359.345:8536) auditd start, ver=1.2.6, format=raw, auid=4294967295 pid=3220 res=success, auditd pid=32
type=CONFIG_CHANGE msg=audit(1164317359.442:9): audit_enabled=0 old=0 by auid=4294967295
type=CONFIG_CHANGE msg=audit(1164317359.674:10): audit_backlog_limit=256 old=64 by auid=4294967295
type=APPARMOR msg=audit(1164317360.246:11): REJECTING access to capability 'fowner' (syslog-ng(3022) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1164317380.804:12): REJECTING access to capability 'fowner' (syslog-ng(3022) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1164317380.804:13): REJECTING access to capability 'fowner' (syslog-ng(3022) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1164322787.214:14): REJECTING access to capability 'fowner' (syslog-ng(3022) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1164370321.160:15): REJECTING access to capability 'fowner' (syslog-ng(3022) profile /sbin/syslog-ng active /sbin/syslog-ng)

But I have no idea for what file this is.
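
The glob change from comment #1 and the leftover denials from comments #3 and #4, worked through as an added example (not part of the bug report or of the AppArmor tools). It parses the legacy REJECTING records quoted in this bug and tests them against file rules with simplified AppArmor globbing (character classes and {a,b} alternation are not handled); all function names are hypothetical.

```python
import re

# Records copied from the audit log quoted in this bug (legacy AppArmor 2.0 format).
AUDIT_SAMPLE = """\
type=APPARMOR msg=audit(1163176483.060:15): REJECTING w access to /var/log/news/news.notice (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1163176483.060:16): REJECTING attribute (uid,ctime,) change to /var/log/news/news.notice (syslog-ng(2707) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=APPARMOR msg=audit(1164317360.246:11): REJECTING access to capability 'fowner' (syslog-ng(3022) profile /sbin/syslog-ng active /sbin/syslog-ng)
type=CONFIG_CHANGE msg=audit(1164317359.674:10): audit_backlog_limit=256 old=64 by auid=4294967295
"""

REJECT_RE = re.compile(
    r"REJECTING (?:(?P<perm>[a-z]+) access to (?P<path>/\S+)"
    r"|attribute \((?P<attrs>[^)]*)\) change to (?P<apath>/\S+)"
    r"|access to capability '(?P<cap>\w+)')"
)

def parse_rejects(text):
    """Return (kind, detail, path) tuples for every AppArmor REJECTING record."""
    events = []
    for line in text.splitlines():
        m = REJECT_RE.search(line) if "type=APPARMOR" in line else None
        if m is None:
            continue
        if m["path"]:
            events.append(("file", m["perm"], m["path"]))
        elif m["apath"]:
            events.append(("attr", m["attrs"].strip(","), m["apath"]))
        else:
            events.append(("capability", m["cap"], None))
    return events

def glob_to_regex(glob):
    """Simplified AppArmor globbing: '**' crosses '/', '*' and '?' do not."""
    parts = re.split(r"(\*\*|\*|\?)", glob)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts))

def rule_allows(rule_glob, rule_perms, path, perm):
    """True if a file rule such as ('/var/log/**', 'w') covers path with perm."""
    return perm in rule_perms and glob_to_regex(rule_glob).fullmatch(path) is not None

def uncovered(events, file_rules):
    """File-access events that none of the (glob, perms) rules would allow."""
    return [e for e in events if e[0] == "file"
            and not any(rule_allows(g, p, e[2], e[1]) for g, p in file_rules)]

def capabilities_needed(events):
    """Capability names denied in the log; no path glob can grant these."""
    return sorted({e[1] for e in events if e[0] == "capability"})
```

With `/var/log/* w` the write to /var/log/news/news.notice stays uncovered, with `/var/log/** w` it is covered, and the `fowner` denial remains in either case because it needs a capability rule rather than a path rule.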

https://bugzilla.novell.com/show_bug.cgi?id=220331

------- Comment #5 from suse-beta@cboltz.de 2006-11-24 17:23 MST -------

I can reproduce this ;-)

Edit your syslog-ng.conf like this:

    destination newscrit { file("/var/log/news/news.crit" owner(news) group(news) perm(600)); };

then:

    # rm /var/log/news/news.crit
    # rcsyslog restart
    # echo test | logger -p news.crit
    # aa-logprof

Another issue: please add

    /dev/log wl,

to the syslog-ng profile!

BTW: I just compared the syslogd and syslog-ng profiles (still on beta2 + above fix). The cleaned up diff (without pid file, config etc. and things mentioned above):

--- syslogd 2006-11-25 00:53:29.000000000 +0100 +++ syslog-ng 2006-11-25 00:53:37.000000000 +0100 + capability chown, + capability fsetid, - capability dac_read_search, - capability sys_tty_config, - /dev/tty* w, + /dev/tty10 w, - /var/lib/*/dev/log wl, + /var/lib/*/dev/log w, - /var/log/** rw, + /var/log/** w, - /var/run/utmp rw, - /var/spool/compaq/nic/messages_fifo rw,

I'm not familiar enough with syslogd or syslog-ng to tell you which additions should be ported from the syslogd to the syslog-ng profile (and the other way round) - but the above diff should give you some hints ;-)
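
Review bot: the syslog-ng side keeps `/var/lib/*/dev/log w,` without the `l` that the syslogd rule `/var/lib/*/dev/log wl,` carries, while this same comment asks for `/dev/log wl,` in the syslog-ng profile; I would give the chroot socket path `wl` as well so the two socket rules stay consistent. The `fowner` capability named in the rejects from comment #4 appears on neither side of this cleaned-up diff, so it has to be checked against the full profile rather than inferred from the `capability chown,` and `capability fsetid,` additions. The narrower `/dev/tty10 w,` and write-only `/var/log/** w,` are tighter than the syslogd rules and can stay unless syslog-ng is shown to need more.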

https://bugzilla.novell.com/show_bug.cgi?id=220331

seth.arnold@novell.com changed:

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |REOPENED  |RESOLVED
Resolution |          |FIXED

------- Comment #6 from seth.arnold@novell.com 2006-12-04 15:53 MST -------

Thanks for the feedback, fixed in autobuild with tarball 262, accepted into 10.2. Hurray.