[Bug 2101180] Re: Multiple DENIED apparmor messages when using rsyslog with the imfile module
ptitoliv
2101180 at bugs.launchpad.net
Fri Mar 7 20:55:42 UTC 2025
** Attachment added: "rsyslog.tar.gz"
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2101180/+attachment/5863328/+files/rsyslog.tar.gz
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2101180
Title:
Multiple DENIED apparmor messages when using rsyslog with the imfile
module
Status in rsyslog package in Ubuntu:
New
Bug description:
When enabling the imfile module in order to watch
/var/log/audit/audit.log file, the following traces are generated in
logs regularly :
type=AVC msg=audit(1741370794.968:9963561): apparmor="DENIED" operation="open" profile="rsyslogd" name="/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
type=AVC msg=audit(1741370794.968:9963562): apparmor="DENIED" operation="open" profile="rsyslogd" name="/var/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
type=AVC msg=audit(1741370794.968:9963563): apparmor="DENIED" operation="open" profile="rsyslogd" name="/var/log/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
As a small fix, I had to add the following lines into the rsyslogd
apparmor configuration file :
/ r,
/var r,
/var/** r,
Could it be a possible bug ?
Behaviour detected on Ubuntu 22.04
rsyslog package : 8.2406.0-1ubuntu2
Behaviour expected : No DENIED apparmor actions when using the imfile
module.
Thanks !
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2101180/+subscriptions
More information about the foundations-bugs
mailing list