[Bug 1100060] Re: apparmor profile denies access to /run/utmp

Tue Jan 15 22:30:51 UTC 2013

Another intresting thing to note, apport-bug experienced a crash when
reporting this bug:

root at log:~# apport-bug rsyslog

*** Collecting problem information

The collected information can be sent to the developers to improve the
application. This might take a few minutes.
..............
*** It seems you have modified the contents of "/etc/rsyslog.conf".  Would you like to add the contents of it to your bug report?

What would you like to do? Your options are:
  Y: Yes
  N: No
  C: Cancel
Please choose (Y/N/C): y
ERROR: hook /usr/share/apport/general-hooks/ubuntu.py crashed:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/apport/report.py", line 719, in add_hooks_info
    symb['add_info'](self, ui)
  File "/usr/share/apport/general-hooks/ubuntu.py", line 144, in add_info
    stderr=subprocess.STDOUT) == 0:
  File "/usr/lib/python2.7/subprocess.py", line 493, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib/python2.7/subprocess.py", line 679, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1249, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
..

The bug report continued apparently normally but some bug attachments
seem to be missing.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1100060

Title:
  apparmor profile denies access to /run/utmp

Status in “rsyslog” package in Ubuntu:
  New

Bug description:
  The Apparmor profile of rsyslogd, when enabled, prevents the daemon
  from reading /run/utmp:

  Jan 15 16:59:53 log kernel: [15515.765872] type=1400
  audit(1358287193.318:13): apparmor="DENIED" operation="open" parent=1
  profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=592
  comm=72733A6D61696E20513A526567 requested_mask="r" denied_mask="r"
  fsuid=101 ouid=0

  This is the first time I see this denial since I enabled the profile
  many months ago. The easy fix seems to simply include the "wutmp"
  abstraction to the profile.

  The only thing I can see that could have triggered this, is the
  *heavy* IO load of the underlying hypervisor powering this VM. Other
  VMs on the same hypervisor emitted "BUG: soft lockup - CPU#0 stuck for
  39s! [flush-253:0:734]" at the same second as the rsyslog apparmor
  denial.

  $ lsb_release -rd
  Description:	Ubuntu 12.04.1 LTS
  Release:	12.04

  $ apt-cache policy rsyslog
  rsyslog:
    Installed: 5.8.6-1ubuntu8
    Candidate: 5.8.6-1ubuntu8
    Version table:
   *** 5.8.6-1ubuntu8 0
          500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
          100 /var/lib/dpkg/status

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: rsyslog 5.8.6-1ubuntu8
  ProcVersionSignature: Ubuntu 3.2.0-35.55-virtual 3.2.34
  Uname: Linux 3.2.0-35-virtual x86_64
  NonfreeKernelModules: xt_tcpudp xt_recent xt_owner xt_limit xt_conntrack nf_nat_ftp nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ftp ipt_MASQUERADE ipt_LOG iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables ip6t_LOG ip6table_filter ip6_tables x_tables
  ApportVersion: 2.0.1-0ubuntu17.1
  Architecture: amd64
  Date: Tue Jan 15 17:08:14 2013
  MarkForUpload: True
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: rsyslog
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.rsyslog.conf: 2012-04-16T23:17:45.198820

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1100060/+subscriptions