Comment 0 for bug 2009230

The AppArmor profile for rsyslog, which had been disabled on previous Ubuntu versions, was enabled in lunar.

The package google-compute-engine added a config file to rsyslog which requires rw access to /dev/console

google:ubuntu-23.04-64 /root# cat /etc/rsyslog.d/90-google.conf
# Google Compute Engine default console logging.
#
# daemon: logging from Google provided daemons.
# kern: logging information in case of an unexpected crash during boot.
#
daemon,kern.* /dev/console

google:ubuntu-23.04-64 /root# apt-file search /etc/rsyslog.d/90-google.conf
google-compute-engine: /etc/rsyslog.d/90-google.conf

So in gce cloud images, we are getting the following denials:

[ 1500.302082] audit: type=1400 audit(1677876883.728:495): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/dev/console" pid=603 comm=72733A6D61696E20513A526567 requested_mask="ac" denied_mask="ac" fsuid=101 ouid=0

To fix it, we just need to add
  /dev/console rw,
to /etc/apparmor.d/usr.sbin.rsyslogd