On Wed, Sep 29, 2010 at 08:22:43AM +0200, Peter Czanik wrote:
Hello,
I'm trying to package syslog-ng 3.2-git, and ran into some troubles. V3.2 has an interesting new feature, called SCL (system configuration library), which tries to ease syslog-ng configuration. This works nicely when apparmor is disabled.
SCL uses a script to generate part of the configuration. So, when system(); is used in syslog-ng.conf, it actually calls a script, which generates the missing parts based on the OS. In case of Linux, it's:
linux-6y8u:~ # /usr/share/syslog-ng/include/scl/system/generate-system-source.sh unix-dgram("/dev/log"); file("/proc/kmsg" program-override("kernel") flags(kernel));
When apparmor is enabled, this script is not run, instead I see "permission denied" in the strace output.
Question: how should I modify /etc/apparmor.d/sbin.syslog-ng to be able to run external scripts and/or applications. This is not only a problem for SCL, but syslog-ng can use these both as log source and destination.
Once a solution is know, I'd put some comments in sbin.syslog-ng, so users could extend the AppArmor ruleset easily instead of disabling it...
Run on a console (as root) logprof and follow the text dialog to adjust the profiles. Ciao, Marcs -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org