Hello, On 08/18/2011 10:25 AM, Sascha Peilicke wrote:
On Thursday 18 August 2011 10:17:23 Peter Czanik wrote:
Hello,
I'm planning to update syslog-ng to the latest beta release (3.3 final should be here real soon now). I checked the current syslog-ng in factory and ran into an interesting problem:
linux-1wrf:/etc/apparmor.d # rcsyslog start Starting syslog servicesError opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)' Error initializing source driver; source='src', id='src#1' Error initializing message pipeline; startproc: exit status of parent of /sbin/syslog-ng: 2 failed linux-1wrf:/etc/apparmor.d # grep kmsg sbin.syslog-ng @{PROC}/kmsg r,
It works fine when I disable AppArmor. Any hints why I get "Operation not permitted", when access to the file is actually allowed? @CBoltz: Clearly a job for a battle-hardened AppArmorer ;-) Just figured out. Capabilities was changed around 2.6.38, so it needs now:
capability syslog, I just created https://bugzilla.novell.com/show_bug.cgi?id=712820 I did not test, but it might also affect other syslog implementations... Oh, and it's alredy there: linux-1wrf:/etc/apparmor.d # grep "capability syslog," * sbin.klogd: capability syslog, Bye, CzP -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org