Hello, Am Montag, 5. Oktober 2015 schrieb Per Jessen:
Christian Boltz wrote:
Am Sonntag, 4. Oktober 2015 schrieb Per Jessen:
c) syslog-ng apparmor profile
Non-existent?
/etc/apparmor.d/sbin.syslog-ng is in the apparmor-profiles package. Is this package installed?
Yes, it is installed:
/sbin/syslog-ng is a symlink to /usr/sbin/syslog-ng.
To get syslog-ng to run, I went through starting it, then running aa-genprof etc. It seemed the profile was non-existent. When I run "/usr/sbin/syslog-ng -F" from the command line, it doesn't pick up the sbin.syslog profile, does it?
The filenames in /etc/apparmor.d/ don't really matter - you could name a profile file /etc/apparmor.d/whatever-i-want and AppArmor would still only look at the content ;-) [1] In the case of syslog-ng, the profile starts with profile syslog-ng /{usr/,}sbin/syslog-ng { which means the profile applies to both /sbin/syslog-ng and /usr/sbin/syslog-ng. The "profile syslog-ng" part sets the profile name which basically makes sure that it will appear with just "syslog-ng" in the audit.log - but even if it would just be /{usr/,}sbin/syslog-ng { it would still apply to /sbin/syslog-ng and /usr/sbin/syslog-ng. To answer the aa-genprof part - aa-genprof isn't smart enough to check/find profiles that attach to multiple binaries (like {..,..} alternations or wildcards) [2], so it didn't notice that /{usr/,}sbin/syslog-ng is already there. Therefore aa-genprof created a /usr/sbin/syslog-ng profile for you. At least this explains why aa-genprof asked you for things that were already allowed in the "official" profile - I already wondered what is going on when reading your bugreport (#948753). Note that you now have two more or less conflicting profiles loaded. I'd guess that your /usr/sbin/syslog-ng profile is used because it's an exact match, but that's probably not what you want. Therefore I'd recommend to delete "your" profile, run "rcapparmor reload" and then restart syslog-ng so that it uses the "official" profile. Regards, Christian Boltz [1] there are exceptions - for example, *.rpmnew files are ignored for obvious reasons [2] I know there is room for improvement, but unfortunately my days only have 24 hours ;-) -- 240 TB also... das wären dann die Konfigurationsdateien. Und die ganzen "Nutzdaten"? MP3's? jpg's? Wo haben die Platz? [Andreas Feile in suse-linux] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org