[opensuse-factory] apparmor
Hi,

Do I see well, that AppArmor is turned on by default on Leap? It blocks the start of syslog-ng:

linux-e8yf:~ # syslog-ng -V
Auto configuration failed
140266213013264:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb')
140266213013264:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:178:
140266213013264:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:
linux-e8yf:~ # rcapparmor stop
redirecting to systemctl stop apparmor.service
linux-e8yf:~ # syslog-ng -V
syslog-ng 3.7.1
Installer-Version: 3.7.1
Revision:
Available-Modules: afamqp,affile,afmongodb,afprog,afsocket,afstomp,afuser,basicfuncs,confgen,cryptofuncs,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,sdjournal,syslogformat,system-source
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off
linux-e8yf:~ #

If yes, is it OK, if I report it as a 42.1 beta1 bug? I run 42.1-current, but I guess this bug was already in beta1 too...

Bye,
CzP
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Fri, Oct 02, 2015 at 03:36:06PM +0200, Peter Czanik wrote:
> Hi,
>
> Do I see well, that AppArmor is turned on by default on Leap? It blocks the start of syslog-ng:
>
> linux-e8yf:~ # syslog-ng -V
> Auto configuration failed
> 140266213013264:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb')
> 140266213013264:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:178:
> 140266213013264:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:
> linux-e8yf:~ # rcapparmor stop
> redirecting to systemctl stop apparmor.service
> linux-e8yf:~ # syslog-ng -V
> syslog-ng 3.7.1
> Installer-Version: 3.7.1
> Revision:
> Available-Modules: afamqp,affile,afmongodb,afprog,afsocket,afstomp,afuser,basicfuncs,confgen,cryptofuncs,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,sdjournal,syslogformat,system-source
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: on
> Enable-TCP-Wrapper: on
> Enable-Linux-Caps: off
> linux-e8yf:~ #
>
> If yes, is it OK, if I report it as a 42.1 beta1 bug? I run 42.1-current, but I guess this bug was already in beta1 too...

Of course, please open a bug.

Ciao, Marcus

On 10/02/2015 03:54 PM, Marcus Meissner wrote:
> On Fri, Oct 02, 2015 at 03:36:06PM +0200, Peter Czanik wrote:
> > Hi,
> >
> > Do I see well, that AppArmor is turned on by default on Leap? It blocks the start of syslog-ng:
> >
> > linux-e8yf:~ # syslog-ng -V
> > Auto configuration failed
> > 140266213013264:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb')
> > 140266213013264:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:178:
> > 140266213013264:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:
> > linux-e8yf:~ # rcapparmor stop
> > redirecting to systemctl stop apparmor.service
> > linux-e8yf:~ # syslog-ng -V
> > syslog-ng 3.7.1
> > Installer-Version: 3.7.1
> > Revision:
> > Available-Modules: afamqp,affile,afmongodb,afprog,afsocket,afstomp,afuser,basicfuncs,confgen,cryptofuncs,csvparser,dbparser,graphite,json-plugin,kvformat,linux-kmsg-format,pseudofile,sdjournal,syslogformat,system-source
> > Enable-Debug: off
> > Enable-GProf: off
> > Enable-Memtrace: off
> > Enable-IPv6: on
> > Enable-Spoof-Source: on
> > Enable-TCP-Wrapper: on
> > Enable-Linux-Caps: off
> > linux-e8yf:~ #
> >
> > If yes, is it OK, if I report it as a 42.1 beta1 bug? I run 42.1-current, but I guess this bug was already in beta1 too...
>
> Of course, please open a bug.

Done: https://bugzilla.opensuse.org/show_bug.cgi?id=948584

Bye,
CzP

Hello,

On Friday, 2 October 2015, Peter Czanik wrote:
> On 10/02/2015 03:54 PM, Marcus Meissner wrote:
> > On Fri, Oct 02, 2015 at 03:36:06PM +0200, Peter Czanik wrote:
> > > Do I see well, that AppArmor is turned on by default on Leap? It blocks the start of syslog-ng:
> > >
> > > linux-e8yf:~ # syslog-ng -V
> > > Auto configuration failed
> > > 140266213013264:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb')
> > >
> > > If yes, is it OK, if I report it as a 42.1 beta1 bug? I run 42.1-current, but I guess this bug was already in beta1 too...
> >
> > Of course, please open a bug.

Thanks for the bugreport!

A wild guess based on your error message would be to add #include <abstractions/openssl> to the /etc/apparmor.d/sbin.syslog-ng profile and to reload it using rcapparmor reload.

If that doesn't work, syslog-ng might need more permissions. In this case, please follow the detailed instructions I gave in the bugreport.

Regards,

Christian Boltz
--
Anyway, what does our mission statement say? "Have a lot of fun..." [> Per Jessen and Greg KH in opensuse-factory]
On 10/02/2015 04:47 PM, Christian Boltz wrote:
> Hello,
>
> On Friday, 2 October 2015, Peter Czanik wrote:
> > On 10/02/2015 03:54 PM, Marcus Meissner wrote:
> > > On Fri, Oct 02, 2015 at 03:36:06PM +0200, Peter Czanik wrote:
> > > > Do I see well, that AppArmor is turned on by default on Leap? It blocks the start of syslog-ng:
> > > >
> > > > linux-e8yf:~ # syslog-ng -V
> > > > Auto configuration failed
> > > > 140266213013264:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb')
> > > >
> > > > If yes, is it OK, if I report it as a 42.1 beta1 bug? I run 42.1-current, but I guess this bug was already in beta1 too...
> > >
> > > Of course, please open a bug.
> >
> > Done: https://bugzilla.opensuse.org/show_bug.cgi?id=948584
>
> Thanks for the bugreport!
>
> A wild guess based on your error message would be to add #include <abstractions/openssl> to the /etc/apparmor.d/sbin.syslog-ng profile and to reload it using rcapparmor reload.
>
> If that doesn't work, syslog-ng might need more permissions. In this case, please follow the detailed instructions I gave in the bugreport.

It's not enough. It seems to me, that it needs some extra permissions related to journald. I could not find anything related to that under /etc/apparmor.d/ so I rather just posted my audit.log to bugzilla.

Bye,
CzP

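Added example, not part of the thread and not the AppArmor project's tooling: a short Python script that turns AppArmor DENIED records from an audit.log into candidate profile rules, which is the review step that follows once the openssl include turns out not to be enough. The profile name /sbin/syslog-ng and every sample record are assumptions constructed for illustration; they are not the log posted to Bugzilla.

```python
import re
from collections import defaultdict

# Constructed sample records in the kernel audit format for AppArmor events.
# Illustrative only: NOT the audit.log that was attached to the bug report.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1443793000.101:210): apparmor="DENIED" operation="open" profile="/sbin/syslog-ng" name="/etc/ssl/openssl.cnf" pid=2101 comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1443793000.250:211): apparmor="DENIED" operation="open" profile="/sbin/syslog-ng" name="/run/log/journal/" pid=2101 comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1443793001.007:212): apparmor="ALLOWED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.conf" pid=900 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1443793002.300:213): apparmor="DENIED" operation="mknod" profile="/sbin/syslog-ng" name="/var/lib/syslog-ng/syslog-ng.persist" pid=2101 comm="syslog-ng" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1443793002.410:214): apparmor="DENIED" operation="open" profile="/sbin/syslog-ng" name="/var/lib/syslog-ng/syslog-ng.persist" pid=2101 comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1443793003.000:215): apparmor="DENIED" operation="capable" profile="/sbin/syslog-ng" pid=2101 comm="syslog-ng" capability=2 capname="dac_read_search"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')   # quoted key="value" pairs only
MASK_TO_RULE = {"c": "w", "d": "w"}      # create/delete are granted by "w"
PERM_ORDER = "rwaklm"                    # exec ("x") needs a hand-picked mode

def denied_rules(log_text, profile):
    """Return candidate rule lines for DENIED events logged for one profile."""
    file_perms = defaultdict(set)        # path -> rule permission letters
    caps = set()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue
        if "capname" in f:
            caps.add(f["capname"])
        elif "name" in f:
            for ch in f.get("denied_mask", ""):
                file_perms[f["name"]].add(MASK_TO_RULE.get(ch, ch))
    rules = [f"capability {cap}," for cap in sorted(caps)]
    for path in sorted(file_perms):
        perms = file_perms[path]
        if "w" in perms:
            perms.discard("a")           # "w" already includes append
        letters = "".join(p for p in PERM_ORDER if p in perms)
        if letters:
            rules.append(f"{path} {letters},")
    return rules

if __name__ == "__main__":
    # Profile name is an assumption derived from the file sbin.syslog-ng.
    for rule in denied_rules(SAMPLE_AUDIT_LOG, "/sbin/syslog-ng"):
        print("  " + rule)
```

The printed lines are candidates to review before they go into the profile, not rules to paste blindly. The read of /etc/ssl/openssl.cnf is already covered by the abstractions/openssl include.
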
Peter Czanik wrote:
> On 10/02/2015 04:47 PM, Christian Boltz wrote:
> > Hello,
> >
> > On Friday, 2 October 2015, Peter Czanik wrote:
> > > On 10/02/2015 03:54 PM, Marcus Meissner wrote:
> > > > On Fri, Oct 02, 2015 at 03:36:06PM +0200, Peter Czanik wrote:
> > > > > Do I see well, that AppArmor is turned on by default on Leap? It blocks the start of syslog-ng:
> > > > >
> > > > > linux-e8yf:~ # syslog-ng -V
> > > > > Auto configuration failed
> > > > > 140266213013264:error:0200100D:system library:fopen:Permission denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb')
> > > > >
> > > > > If yes, is it OK, if I report it as a 42.1 beta1 bug? I run 42.1-current, but I guess this bug was already in beta1 too...
> > > >
> > > > Of course, please open a bug.
> > >
> > > Done: https://bugzilla.opensuse.org/show_bug.cgi?id=948584
> >
> > Thanks for the bugreport!
> >
> > A wild guess based on your error message would be to add #include <abstractions/openssl> to the /etc/apparmor.d/sbin.syslog-ng profile and to reload it using rcapparmor reload.
> >
> > If that doesn't work, syslog-ng might need more permissions. In this case, please follow the detailed instructions I gave in the bugreport.
>
> It's not enough. It seems to me, that it needs some extra permissions related to journald. I could not find anything related to that under /etc/apparmor.d/ so I rather just posted my audit.log to bugzilla.

FYI, I've been working on the same problem over the weekend.

http://bugzilla.opensuse.org/show_bug.cgi?id=948753

--
Per Jessen, Zürich (14.1°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.

participants (4)
- Christian Boltz
- Marcus Meissner
- Per Jessen
- Peter Czanik