AppArmor denials for rsyslog
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gce-compute-image-packages (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Lunar |
New
|
Undecided
|
Unassigned | ||
rsyslog (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lunar |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The AppArmor profile for rsyslog, which had been disabled on previous Ubuntu versions, was enabled in lunar.
The package google-
google:
# Google Compute Engine default console logging.
#
# daemon: logging from Google provided daemons.
# kern: logging information in case of an unexpected crash during boot.
#
daemon,kern.* /dev/console
google:
google-
So in gce cloud images, we are getting the following denials:
[ 1500.302082] audit: type=1400 audit(167787688
To fix it, we just need to add
/dev/console rw,
to /etc/apparmor.
or the same permission should be added to a file in /etc/apparmor.
Related branches
- Andreas Hasenack (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 28 lines (+9/-0)2 files modifieddebian/changelog (+7/-0)
debian/usr.sbin.rsyslogd (+2/-0)
description: | updated |
Hey Georgia!
Thank you for the report - this is certainly something we could do on our end in the cloud image. Let us do some testing to ensure no regressions are introduced doing this. I'll come back with more information soon.
All the best,
Chlo