[Bug 2072702] Re: AppArmor profile prevents use of TLS keys and certificates
Simon Déziel
2072702 at bugs.launchpad.net
Thu Jul 11 00:46:42 UTC 2024
@Orion, /etc/ipa isn't a standard location. I think you'd be better off
either adding a local override in
/etc/apparmor.d/local/usr.sbin.rsyslogd or maybe put the CA file
somewhere under /etc/rsyslog.d/. The later path is already something the
rsyslogd profile allows reading.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2072702
Title:
AppArmor profile prevents use of TLS keys and certificates
Status in rsyslog package in Ubuntu:
New
Bug description:
I'm trying to use the following configuration:
# certificate files
$DefaultNetstreamDriverCAFile /etc/ipa/ca.crt
$DefaultNetstreamDriverCertFile /etc/ssl/certs/FQDN.crt
$DefaultNetstreamDriverKeyFile /etc/ssl/private/FQDN.key
But AppArmor prevents the loading of /etc/ipa/ca.crt and the key file.
I think rsyslog-gnutls should allow reading the key file.
But perhaps /etc/ipa/ca.crt needs to be added to
/etc/apparmor.d/abstractions/ssl_certs which is in the apparmor
package.
Version 8.2312.0-3ubuntu9
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2072702/+subscriptions
More information about the foundations-bugs
mailing list