** Description changed: [ Impact ] - * An explanation of the effects of the bug on users and justification - for backporting the fix to the stable release. + rsyslog has an apparmor profile that we have been fine tuning as ubuntu + releases go by. Every now and then, a new rule needs to be added. - * In addition, it is helpful, but not required, to include an - explanation of how the upload fixes this bug. + In this particular case, the usage of the imjournal[1] module is being + blocked by apparmor. Specifically, these accesses are being denied: + + apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/log/journal/" pid=3351 comm="in:imjournal" requested_mask="r" denied_mask="r" fsuid=102 ouid=0 + apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/etc/machine-id" pid=3351 comm="in:imjournal" requested_mask="r" denied_mask="r" fsuid=102 ouid=0 + + This prevents the imjournal module from being used. + + + 1. https://www.rsyslog.com/doc/configuration/modules/imjournal.html [ Test Plan ] - * detailed instructions how to reproduce the bug + - Deploy the ubuntu release under verification in a VM - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package - fixes the problem. + - enable the imjournal module by creating a config file for it (the + whole command in one line): - * if other testing is appropriate to perform before landing this - update, this should also be described here. + echo 'module(load="imjournal" fileCreateMode="0666" + PersistStateInterval="999" + StateFile="/var/spool/rsyslog/journal_state")' | sudo tee + /etc/rsyslog.d/10-imjournal.conf + + - in another terminal, run this dmesg command: + + sudo dmesg -wT | grep apparmor | grep rsyslog + + - in yet another terminal, tail the logs: + + tail -f /var/log/syslog | grep rsyslogd + + - restart rsyslog: + + sudo systemctl restart rsyslog + + - with the affected version of rsyslog installed, you will see the + apparmor DENIED messages in the dmesg terminal, and error messages about + "imjournal" in the syslog logs + + - with the package from proposed, there should be no apparmor DENIED + messages, and no imjournal errors + [ Where problems could occur ] - * Think about what the upload changes in the software. Imagine the - change is wrong or breaks something else: how would this show up? + The extra apparmor rules we are adding allow reading of the systemd + journal, and the /etc/machine-id file. There are no extra rules allowing + writing, but we are allowing rsyslog to have access to more logs. But + that is its purpose, after all. - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the event - of a regression. + Specifically about the imjournal module, without this change, it is not + working already. - * This must never be "None" or "Low", or entirely an argument as to why - your upload is low risk. - - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. [ Other Info ] - - * Anything else you think is useful to include - - * Make sure to explain any deviation from the norm, to save the SRU - reviewer from having to infer your reasoning, possibly incorrectly. - This should also help reduce review iterations, particularly when the - reason for the deviation is not obvious. - - * Anticipate questions from users, SRU, +1 maintenance, security teams - and the Technical Board and address these questions in advance + Other apparmor rules are being added to rsyslog via this upload, closing other bugs: + - LP: #2056768 for noble only + - LP: #2061726 for noble, oracular, and plucky [ Original Description ] imjournal module fails to create /var/spool/rsyslog/journal-state file in ubuntu 24.04, rsyslog version(8.2312.0) x86 and s390x both, but works well in ubuntu 22.04 , rsyslog version(8.2112.0) x86 and s390x ******* Ubuntu 24.04 s390x lsb_release -rd No LSB modules are available. Description: Ubuntu 24.04 LTS Release: 24.04 # apt-cache policy rsyslog rsyslog: Installed: 8.2312.0-3ubuntu9 Candidate: 8.2312.0-3ubuntu9 Version table: *** 8.2312.0-3ubuntu9 500 500 http://ports.ubuntu.com/ubuntu-ports noble/main s390x Packages 100 /var/lib/dpkg/status Have below line in /etc/rsyslog.conf module(load="imjournal" fileCreateMode="0666" PersistStateInterval="999" StateFile="/var/spool/rsyslog/journal_state") ul 19 18:39:35 latest-logs systemd[1]: Starting rsyslog.service - System Logging Service... Jul 19 18:39:35 latest-logs rsyslogd[8647]: rsyslogd's groupid changed to 102 Jul 19 18:39:35 latest-logs rsyslogd[8647]: rsyslogd's userid changed to 102 Jul 19 18:39:35 latest-logs systemd[1]: Started rsyslog.service - System Logging Service. Jul 19 18:39:35 latest-logs rsyslogd[8647]: [origin software="rsyslogd" swVersion="8.2312.0" x-pid="8647" x-info="https://www.rsyslog.com";] start Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: No statefile exists, /var/spool/rsyslog/journal_state will be created (ignore if this is first run): No such file or directory > Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: Journal indicates no msgs when positioned at head. [v8.2312.0 try https://www.rsyslog.com/e/0 ] Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: journal files changed, reloading... [v8.2312.0 try https://www.rsyslog.com/e/0 ] Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: No statefile exists, /var/spool/rsyslog/journal_state will be created (ignore if this is first run): No such file or directory > Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: Journal indicates no msgs when positioned at head. [v8.2312.0 try https://www.rsyslog.com/e/0 ] lines 1-25/25 (END) FIle /var/spool/rsyslog/journal_state should have created and logs should have redirected to rsyslog server ****** In Ubuntu 22.04 all is working as expected # lsb_release -rd Description: Ubuntu 22.04.4 LTS Release: 22.04 #apt-cache policy rsyslog rsyslog: Installed: 8.2112.0-2ubuntu2.2 Candidate: 8.2112.0-2ubuntu2.2 Version table: *** 8.2112.0-2ubuntu2.2 100 100 /var/lib/dpkg/status Use the same line as above in /etc/rsyslog.conf restart service. it did gave error about fileCreateMode which got ignored and proceeded to create the journal-state file and continued without any error Jul 19 18:44:37 systemd[1]: Starting System Logging Service... Jul 19 18:44:37 rsyslogd[13664]: error during parsing file /etc/rsyslog.conf, on or before line 16: parameter 'fileCreateMode' not known -- typo in co> Jul 19 18:44:37 systemd[1]: Started System Logging Service. Jul 19 18:44:37 rsyslogd[13664]: rsyslogd's groupid changed to 111 Jul 19 18:44:37 rsyslogd[13664]: rsyslogd's userid changed to 104 Jul 19 18:44:37 rsyslogd[13664]: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="13664" x-info="https://www.rsyslog.com";] start Jul 19 18:44:37 rsyslogd[13664]: imjournal: journal files changed, reloading... [v8.2112.0 try https://www.rsyslog.com/e/0 ] /var/spool/rsyslog# ls journal_state ***** please help with this issue
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/2073628 Title: imjournal module works with rsyslog package of ubuntu 22.04 but not with ubuntu 24.04 Status in rsyslog package in Ubuntu: Confirmed Status in rsyslog source package in Noble: Confirmed Status in rsyslog source package in Oracular: Confirmed Status in rsyslog source package in Plucky: Confirmed Bug description: [ Impact ] rsyslog has an apparmor profile that we have been fine tuning as ubuntu releases go by. Every now and then, a new rule needs to be added. In this particular case, the usage of the imjournal[1] module is being blocked by apparmor. Specifically, these accesses are being denied: apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/log/journal/" pid=3351 comm="in:imjournal" requested_mask="r" denied_mask="r" fsuid=102 ouid=0 apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/etc/machine-id" pid=3351 comm="in:imjournal" requested_mask="r" denied_mask="r" fsuid=102 ouid=0 This prevents the imjournal module from being used. 1. https://www.rsyslog.com/doc/configuration/modules/imjournal.html [ Test Plan ] - Deploy the ubuntu release under verification in a VM - enable the imjournal module by creating a config file for it (the whole command in one line): echo 'module(load="imjournal" fileCreateMode="0666" PersistStateInterval="999" StateFile="/var/spool/rsyslog/journal_state")' | sudo tee /etc/rsyslog.d/10-imjournal.conf - in another terminal, run this dmesg command: sudo dmesg -wT | grep apparmor | grep rsyslog - in yet another terminal, tail the logs: tail -f /var/log/syslog | grep rsyslogd - restart rsyslog: sudo systemctl restart rsyslog - with the affected version of rsyslog installed, you will see the apparmor DENIED messages in the dmesg terminal, and error messages about "imjournal" in the syslog logs - with the package from proposed, there should be no apparmor DENIED messages, and no imjournal errors [ Where problems could occur ] The extra apparmor rules we are adding allow reading of the systemd journal, and the /etc/machine-id file. There are no extra rules allowing writing, but we are allowing rsyslog to have access to more logs. But that is its purpose, after all. Specifically about the imjournal module, without this change, it is not working already. [ Other Info ] Other apparmor rules are being added to rsyslog via this upload, closing other bugs: - LP: #2056768 for noble only - LP: #2061726 for noble, oracular, and plucky [ Original Description ] imjournal module fails to create /var/spool/rsyslog/journal-state file in ubuntu 24.04, rsyslog version(8.2312.0) x86 and s390x both, but works well in ubuntu 22.04 , rsyslog version(8.2112.0) x86 and s390x ******* Ubuntu 24.04 s390x lsb_release -rd No LSB modules are available. Description: Ubuntu 24.04 LTS Release: 24.04 # apt-cache policy rsyslog rsyslog: Installed: 8.2312.0-3ubuntu9 Candidate: 8.2312.0-3ubuntu9 Version table: *** 8.2312.0-3ubuntu9 500 500 http://ports.ubuntu.com/ubuntu-ports noble/main s390x Packages 100 /var/lib/dpkg/status Have below line in /etc/rsyslog.conf module(load="imjournal" fileCreateMode="0666" PersistStateInterval="999" StateFile="/var/spool/rsyslog/journal_state") ul 19 18:39:35 latest-logs systemd[1]: Starting rsyslog.service - System Logging Service... Jul 19 18:39:35 latest-logs rsyslogd[8647]: rsyslogd's groupid changed to 102 Jul 19 18:39:35 latest-logs rsyslogd[8647]: rsyslogd's userid changed to 102 Jul 19 18:39:35 latest-logs systemd[1]: Started rsyslog.service - System Logging Service. Jul 19 18:39:35 latest-logs rsyslogd[8647]: [origin software="rsyslogd" swVersion="8.2312.0" x-pid="8647" x-info="https://www.rsyslog.com";] start Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: No statefile exists, /var/spool/rsyslog/journal_state will be created (ignore if this is first run): No such file or directory > Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: Journal indicates no msgs when positioned at head. [v8.2312.0 try https://www.rsyslog.com/e/0 ] Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: journal files changed, reloading... [v8.2312.0 try https://www.rsyslog.com/e/0 ] Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: No statefile exists, /var/spool/rsyslog/journal_state will be created (ignore if this is first run): No such file or directory > Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: Journal indicates no msgs when positioned at head. [v8.2312.0 try https://www.rsyslog.com/e/0 ] lines 1-25/25 (END) FIle /var/spool/rsyslog/journal_state should have created and logs should have redirected to rsyslog server ****** In Ubuntu 22.04 all is working as expected # lsb_release -rd Description: Ubuntu 22.04.4 LTS Release: 22.04 #apt-cache policy rsyslog rsyslog: Installed: 8.2112.0-2ubuntu2.2 Candidate: 8.2112.0-2ubuntu2.2 Version table: *** 8.2112.0-2ubuntu2.2 100 100 /var/lib/dpkg/status Use the same line as above in /etc/rsyslog.conf restart service. it did gave error about fileCreateMode which got ignored and proceeded to create the journal-state file and continued without any error Jul 19 18:44:37 systemd[1]: Starting System Logging Service... Jul 19 18:44:37 rsyslogd[13664]: error during parsing file /etc/rsyslog.conf, on or before line 16: parameter 'fileCreateMode' not known -- typo in co> Jul 19 18:44:37 systemd[1]: Started System Logging Service. Jul 19 18:44:37 rsyslogd[13664]: rsyslogd's groupid changed to 111 Jul 19 18:44:37 rsyslogd[13664]: rsyslogd's userid changed to 104 Jul 19 18:44:37 rsyslogd[13664]: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="13664" x-info="https://www.rsyslog.com";] start Jul 19 18:44:37 rsyslogd[13664]: imjournal: journal files changed, reloading... [v8.2112.0 try https://www.rsyslog.com/e/0 ] /var/spool/rsyslog# ls journal_state ***** please help with this issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2073628/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
