On 10/07/2015 08:42 AM, Per Jessen wrote:
Christian Boltz wrote:
The filenames in /etc/apparmor.d/ don't really matter - you could name a profile file /etc/apparmor.d/whatever-i-want and AppArmor would still only look at the content ;-) [1] Ah, thanks for explaining that.
Note that you now have two more or less conflicting profiles loaded. I'd guess that your /usr/sbin/syslog-ng profile is used because it's an exact match, but that's probably not what you want. Therefore I'd recommend to delete "your" profile, run "rcapparmor reload" and then restart syslog-ng so that it uses the "official" profile. Okay, done that - the first thing that happens is:
# /usr/sbin/syslog-ng -F Auto configuration failed 139750905030416:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb') 139750905030416:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:178: 139750905030416:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:
I then added "#include <abstractions/openssl>" and attempted another reload - this caused the machine to crash and restart :-( I think this is reproduceable, I've seen it before.
When syslog-ng tries to start during the reboot, apparmor denies access to /etc/syslog-ng/conf.d/. I added a '*' to the profile, and then it worked.
Hi syslog-ng seems to work fine using the fixes for the AppArmmor profile provided in https://bugzilla.opensuse.org/show_bug.cgi?id=948584 Bye, CzP -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org