Mailinglist Archive: opensuse-factory (1324 mails)

< Previous Next >
Re: [opensuse-factory] syslog-ng / apparmor issue
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Mon, 05 Oct 2015 11:48:56 +0200
  • Message-id: <muth27$5se$1@saturn.local.net>
Marcus Meissner wrote:

Looking at the changes proposed for /usr/sbin/syslog-ng:

--- /etc/apparmor.d/usr.sbin.ntpd 2015-10-04 00:16:23.000000000
+0200
+++ /tmp/tmpsr5a9xm7 2015-10-05 08:37:54.707820567 +0200
@@ -17,6 +17,8 @@
#include <abstractions/openssl>
# #include <abstractions/xad>

+ #include <local/usr.sbin.ntpd>
+
capability dac_override,
capability ipc_lock,
capability net_bind_service,


local/usr.sbin.ntpd is empty.

Adding #include <abstractions/openssl> and #include
<abstractions/nameservice> for the syslog-ng profile would help.

That one is already present:
#include <abstractions/nameservice>

I added

#include <abstractions/openssl>

and reloaded the profile with "apparmor_parser -r usr.sbin.syslog-ng".

# /usr/sbin/syslog-ng -F
Auto configuration failed
140010407282448:error:0200100D:system library:fopen:Permission
denied:bss_file.c:173:fopen('/etc/ssl/openssl.cnf','rb')
140010407282448:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:178:
140010407282448:error:0E078002:configuration file
routines:DEF_LOAD:system lib:conf_def.c:199:


ALso open a bug for the other missing listed files I think.

Will do.



--
Per Jessen, Zürich (14.7°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >