Gábor, systemd is well-meaning in providing namespacing features so the thousands of daemons that are in the world don't have to re-implement something similar. But of course the kernel hook points used by AppArmor don't provide sufficient information to know what pathname to reconstruct when the named object isn't visible in the namespace where it was used.
Add /run/systemd/journal/dev-log w, to the profile, make sure attach_disconnected is used, and then you can return to using the systemd unit file. (Which is probably better than falling back to the sysv-init compatibility shims systemd uses.) Thanks -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1373070 Title: full fix for disconnected path (paths) Status in cups package in Ubuntu: Fix Released Status in linux package in Ubuntu: Triaged Status in rsyslog package in Ubuntu: Confirmed Bug description: With the apparmor 3 RC1 upload, there is an incomplete bug fix for disconnected paths. This bug is to track that work. This denial may be related: Sep 23 10:10:50 localhost kernel: [40262.517799] audit: type=1400 audit(1411485050.722:2862): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/rsyslogd" name="dev/log" pid=7011 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 This is related to bug 1375410 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1373070/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
