Christian Boltz wrote:
The filenames in /etc/apparmor.d/ don't really matter - you could name a profile file /etc/apparmor.d/whatever-i-want and AppArmor would still only look at the content ;-) [1]
Ah, thanks for explaining that.
Note that you now have two more or less conflicting profiles loaded. I'd guess that your /usr/sbin/syslog-ng profile is used because it's an exact match, but that's probably not what you want. Therefore I'd recommend to delete "your" profile, run "rcapparmor reload" and then restart syslog-ng so that it uses the "official" profile.
Okay, done that - the first thing that happens is: # /usr/sbin/syslog-ng -F Auto configuration failed 139750905030416:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb') 139750905030416:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:178: 139750905030416:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199: I then added "#include <abstractions/openssl>" and attempted another reload - this caused the machine to crash and restart :-( I think this is reproduceable, I've seen it before. When syslog-ng tries to start during the reboot, apparmor denies access to /etc/syslog-ng/conf.d/. I added a '*' to the profile, and then it worked. -- Per Jessen, Zürich (13.4°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org