On Mon, Oct 05, 2015 at 08:42:22AM +0200, Per Jessen wrote:
Marcus Meissner wrote:
On Mon, Oct 05, 2015 at 08:27:33AM +0200, Per Jessen wrote:
Per Jessen wrote:
/sbin/syslog-ng is a symlink to /usr/sbin/syslog-ng.
To get syslog-ng to run, I went through starting it, then running aa-genprof etc. It seemed the profile was non-existent. When I run "/usr/sbin/syslog-ng -F" from the command line, it doesn't pick up the sbin.syslog profile, does it?
I copied sbin.syslog-ng to usr.sbin.syslog-ng, then tried starting syslog-ng:
# /sbin/syslog-ng -F
Auto configuration failed
139651616061200:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb')
139651616061200:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:178:
139651616061200:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:
# aa-genprof /usr/sbin/syslog-ng
/etc/apparmor.d/usr.sbin.syslog-ng contains no profile
???
You notice perhaps that you use /usr/sbin instead of /sbin/
Yes, I just use what the systemd unit uses too.
But then, you probably just want to run:
logprof<return>
I did try that too, it produces a lengthy list of changes to /usr/sbin/ntpd and some for /usr/sbin/syslog-ng
http://files.jessen.ch/office34-logprof.txt
Looking at the changes proposed for /usr/sbin/syslog-ng:
--- /etc/apparmor.d/usr.sbin.ntpd 2015-10-04 00:16:23.000000000 +0200 +++ /tmp/tmpsr5a9xm7 2015-10-05 08:37:54.707820567 +0200 @@ -17,6 +17,8 @@ #include <abstractions/openssl> # #include <abstractions/xad>
+ #include <local/usr.sbin.ntpd> + capability dac_override, capability ipc_lock, capability net_bind_service,
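Review bot: the added "capability dac_override," line in this ntpd hunk lets the daemon bypass discretionary file permission checks, which is much broader than a single denied access warrants. Before accepting it, identify which file access prompted the suggestion and fix that file's ownership or mode instead of granting the capability. The hunk header also names /etc/apparmor.d/usr.sbin.ntpd, so this excerpt does not show any of the changes proposed for the syslog-ng profile that the preceding sentence refers to.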
local/usr.sbin.ntpd is empty.
Adding #include <abstractions/openssl> and #include <abstractions/nameservice> for the syslog-ng profile would help.
Also open a bug for the other missing listed files I think.
Ciao, Marcus
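Added example, not part of the original thread and not code from the AppArmor tools: a small Python triage of AppArmor DENIED audit records that groups denied file accesses by profile and proposes either one of the two abstractions recommended above or a narrow per-file rule. The sample records are constructed, and the ABSTRACTION_HINTS table is an assumed, hand-picked subset of what those abstractions cover.

```python
import re
from collections import defaultdict

# Assumption: a hand-picked subset of the paths these stock abstractions
# cover; the abstraction files themselves list many more.
ABSTRACTION_HINTS = {
    "abstractions/openssl": ("/etc/ssl/openssl.cnf",),
    "abstractions/nameservice": ("/etc/nsswitch.conf", "/etc/resolv.conf",
                                 "/etc/hosts"),
}
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')  # key=value or key="value"
NEEDED = {"profile", "name", "denied_mask"}

def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, else None."""
    fields = {key: (quoted if raw.startswith('"') else raw)
              for key, raw, quoted in FIELD.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def suggest(lines):
    """Map each profile to the rule lines its denied file accesses call for."""
    rules = defaultdict(set)
    for line in lines:
        rec = parse_denial(line)
        if not rec or not NEEDED <= rec.keys():
            continue  # not a denial, or not a file access record
        for abstraction, paths in ABSTRACTION_HINTS.items():
            if rec["name"] in paths:
                rules[rec["profile"]].add(f"#include <{abstraction}>")
                break
        else:  # no abstraction hint: propose a narrow per-file rule
            rules[rec["profile"]].add(f"{rec['name']} {rec['denied_mask']},")
    return {profile: sorted(r) for profile, r in rules.items()}

# Constructed sample records (not taken from the thread's logs).
REC = ('type=AVC msg=audit(1444027074.707:{n}): apparmor="{verdict}" '
       'operation="open" profile="/usr/sbin/syslog-ng" name="{name}" '
       'pid=2101 comm="syslog-ng" requested_mask="{m}" denied_mask="{m}" '
       'fsuid=0 ouid=0')
SAMPLE_LOG = [
    REC.format(n=101, verdict="DENIED", name="/etc/ssl/openssl.cnf", m="r"),
    REC.format(n=102, verdict="DENIED", name="/etc/nsswitch.conf", m="r"),
    REC.format(n=103, verdict="DENIED", name="/run/example/ctl", m="rw"),
    REC.format(n=104, verdict="ALLOWED", name="/etc/hosts", m="r"),
]

if __name__ == "__main__":
    for profile, wanted in suggest(SAMPLE_LOG).items():
        print(profile, *wanted, sep="\n  ")
```

The profile field in each record shows which profile was actually attached to the process, which is the quickest way to confirm whether the /sbin or the /usr/sbin profile is the one in effect.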