Public bug reported:

The AA profile of rsyslog prevents it from reading /run/utmp when "ulimit -l" is reached by another process.

Steps to reproduce:

1) Enable AA profile of rsyslog
   rm /etc/apparmor.d/disable/usr.sbin.rsyslogd
   apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.rsyslogd
2) Setup openvpn using large certs and using --mlock
3) Start OpenVPN and notice errors like those:

Sep 6 00:19:22 jupiter kernel: [ 4048.714972] type=1400 audit(1409977162.226:41): apparmor="DENIED" operation="open" profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=4181 comm=72733A6D61696E20513A526567 requested_mask="r" denied_mask="r" fsuid=101 ouid=0
Sep 6 00:24:03 jupiter kernel: [ 4330.456007] type=1400 audit(1409977443.978:46): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=6844 comm=72733A6D61696E20513A526567 requested_mask="k" denied_mask="k" fsuid=101 ouid=0

A workaround is to add "/run/utmp rk," to rsyslog's profile.

# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04

# apt-cache policy rsyslog
rsyslog:
  Installed: 7.4.4-1ubuntu2.1
  Candidate: 7.4.4-1ubuntu2.1
  Version table:
 *** 7.4.4-1ubuntu2.1 0
        500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     7.4.4-1ubuntu2 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: rsyslog 7.4.4-1ubuntu2.1
ProcVersionSignature: Ubuntu 3.13.0-36.63-generic 3.13.11.6
Uname: Linux 3.13.0-36-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: amd64
CurrentDesktop: Unity
Date: Sat Sep 6 00:24:53 2014
InstallationDate: Installed on 2014-01-26 (222 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
SourcePackage: rsyslog
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.logcheck.ignore.d.server.rsyslog: [deleted]

** Affects: rsyslog (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug trusty

https://bugs.launchpad.net/bugs/1366261

Title:
  Apparmor prevents reading /run/utmp

Status in “rsyslog” package in Ubuntu:
  New
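
Added example, not part of the original bug report: a small parser that reads AppArmor DENIED records like the two quoted above, decodes the hex-encoded comm field, and groups the denied permissions per profile and path into a candidate rule for review. The function names and the permission ordering are assumptions of this sketch; the sample input is the pair of log lines from the report.

```python
import re
from collections import defaultdict

# The two denial lines quoted in the report above.
SAMPLE_LOG = '''\
Sep 6 00:19:22 jupiter kernel: [ 4048.714972] type=1400 audit(1409977162.226:41): apparmor="DENIED" operation="open" profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=4181 comm=72733A6D61696E20513A526567 requested_mask="r" denied_mask="r" fsuid=101 ouid=0
Sep 6 00:24:03 jupiter kernel: [ 4330.456007] type=1400 audit(1409977443.978:46): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=6844 comm=72733A6D61696E20513A526567 requested_mask="k" denied_mask="k" fsuid=101 ouid=0
'''

FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
FILE_PERMS = "rwamlk"  # output order chosen for this sketch; exec (x) is left to a human

def parse_fields(line):
    """Return the key=value pairs of one audit record as a dict."""
    fields = {}
    for key, raw, quoted in FIELD_RE.findall(line):
        if raw.startswith('"'):
            fields[key] = quoted
        elif key in ("comm", "name"):
            # The audit subsystem logs untrusted strings that contain spaces
            # or special characters as unquoted hex; decode them for reading.
            try:
                fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
            except ValueError:
                fields[key] = raw
        else:
            fields[key] = raw
    return fields

def suggest_rules(log_text):
    """Map each profile to candidate file rules covering its denied access."""
    masks = defaultdict(set)
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        f = parse_fields(line)
        if "name" in f and "denied_mask" in f:
            # Log masks use c (create) and d (delete); profiles grant both via w.
            perms = f["denied_mask"].replace("c", "w").replace("d", "w")
            masks[(f.get("profile", "?"), f["name"])].update(perms)
    rules = defaultdict(list)
    for (profile, path), perms in sorted(masks.items()):
        ordered = "".join(p for p in FILE_PERMS if p in perms)
        if ordered:
            rules[profile].append(f"{path} {ordered},")
    return dict(rules)

if __name__ == "__main__":
    print(suggest_rules(SAMPLE_LOG))
```

On the two sample lines this yields the same rule as the workaround in the report; any suggested rule is a starting point for review before it goes into a profile.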