Hi Richard Am 01.08.25 um 19:01 schrieb Richard Lewis:
I see 3 possible ways forward
Thanks for glossing over the fact that I'm apparently unable to count to 4 :-)
On a cursory glance, I think 3) would be the best option but I would welcome your opionion on this matter.How about a variant of 2 --- change the logcheck rules inside the test, only if /proc/kmesg is restricted if [ "/proc/kmesg" is readable (?) ] ; then echo "rules matching the error" > /etc/logcheck/ignore.d.server/foo fi # rest of test as before then the logcheck in the test will ignore those messages in debusine, but be unaffected on salsa (i dont know what the test should be though). and if debusine changes it will then be a no-op. (i havnt looked at the test, but from what i remember this should work, can have a look)
I like this idea.That said, I don't know, how access to /proc/kmsg is restricted inside debusine and how we can devise a robust check for that.
The error message indicates, that the file exists but is not even accessible to root.
Michael
OpenPGP_signature.asc
Description: OpenPGP digital signature
