[Bug 914820] [NEW] add disabled by default apparmor profile

Jamie Strandboge jamie at ubuntu.com
Wed Jan 11 16:06:43 UTC 2012 

Public bug reported:

Rsyslog is a daemon installed on all Ubuntu systems and processes
unfiltered input. While it has a solid design, it would be nice if we
could provide an AppArmor profile for it that people can opt into. The
profile can be enabled in the normal way 'sudo aa-enforce
/etc/apparmor.d/usr.sbin.rsyslogd' and is expected to work in the
default installation.

While it would be very desirable to turn this on by default in the
future, I don't think we should for 12.04 since getting the profile
wrong would result in no logging outout. Also, rsyslog is difficult to
maintain because it is highly configurable, however the default profile
should cover many use cases when writing files in /var/log.

** Affects: rsyslog (Ubuntu)
     Importance: Wishlist
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Affects: rsyslog (Ubuntu Precise)
     Importance: Wishlist
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Also affects: rsyslog (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: rsyslog (Ubuntu Precise)
   Importance: Undecided => Wishlist

** Changed in: rsyslog (Ubuntu Precise)
       Status: New => In Progress

** Changed in: rsyslog (Ubuntu Precise)
    Milestone: None => precise-alpha-2

** Changed in: rsyslog (Ubuntu Precise)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/914820

Title:
  add disabled by default apparmor profile

Status in “rsyslog” package in Ubuntu:
  In Progress
Status in “rsyslog” source package in Precise:
  In Progress

Bug description:
  Rsyslog is a daemon installed on all Ubuntu systems and processes
  unfiltered input. While it has a solid design, it would be nice if we
  could provide an AppArmor profile for it that people can opt into. The
  profile can be enabled in the normal way 'sudo aa-enforce
  /etc/apparmor.d/usr.sbin.rsyslogd' and is expected to work in the
  default installation.

  While it would be very desirable to turn this on by default in the
  future, I don't think we should for 12.04 since getting the profile
  wrong would result in no logging outout. Also, rsyslog is difficult to
  maintain because it is highly configurable, however the default
  profile should cover many use cases when writing files in /var/log.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/914820/+subscriptions

More information about the foundations-bugs mailing list