Mailinglist Archive: opensuse-factory (1324 mails)

< Previous Next >
Re: [opensuse-factory] syslog-ng / apparmor issue
On Mon, Oct 05, 2015 at 08:42:22AM +0200, Per Jessen wrote:
Marcus Meissner wrote:

On Mon, Oct 05, 2015 at 08:27:33AM +0200, Per Jessen wrote:
Per Jessen wrote:

/sbin/syslog-ng is a symlink to /usr/sbin/syslog-ng.

To get syslog-ng to run, I went through starting it, then running
aa-genprof etc.
It seemed the profile was non-existent. When I run
"/usr/sbin/syslog-ng -F" from the command line, it doesn't pick up
the sbin.syslog profile, does it?

I copied sbin.syslog-ng to usr.sbin.syslog-ng, then tried starting

# /sbin/syslog-ng -F
Auto configuration failed
139651616061200:error:0200100D:system library:fopen:Permission
139651616061200:error:2006D002:BIO routines:BIO_new_file:system
139651616061200:error:0E078002:configuration file
routines:DEF_LOAD:system lib:conf_def.c:199:

# aa-genprof /usr/sbin/syslog-ng

/etc/apparmor.d/usr.sbin.syslog-ng contains no profile


You notice perhaps that you use /usr/sbin instead of /sbin/

Yes, I just use what the systemd unit uses too.

But then, you probably just want to run:


I did try that too, it produces a lengthy list of changes
to /usr/sbin/ntpd and some for /usr/sbin/syslog-ng

Looking at the changes proposed for /usr/sbin/syslog-ng:

--- /etc/apparmor.d/usr.sbin.ntpd 2015-10-04 00:16:23.000000000
+++ /tmp/tmpsr5a9xm7 2015-10-05 08:37:54.707820567 +0200
@@ -17,6 +17,8 @@
#include <abstractions/openssl>
# #include <abstractions/xad>

+ #include <local/usr.sbin.ntpd>
capability dac_override,
capability ipc_lock,
capability net_bind_service,

local/usr.sbin.ntpd is empty.

Adding #include <abstractions/openssl> and #include <abstractions/nameservice>
for the syslog-ng profile would help.

ALso open a bug for the other missing listed files I think.

Ciao, Marcus
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups