[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
I'm not really looking into syslog-ng. The apparmor profile change I did was to rsyslog, and that's where I tried to reproduce this issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: Fix Released Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
> The syslog-ng profile needs flags=(attach_disconnected) added to it I failed to reproduce this with syslog-ng, but i guess i didn't configure syslog-ng correctly to attempt attaching to /dev/log I am also not sure of os-prober usage of logger is correct, and if it actually wants to use that all, or if it should simply use journald only, or nothing at all. Reading attach_disconnected sounds scary, i'm not sure what os-prober can do better here. bind-mount /dev/log socket into it's new mount namespace? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: Fix Released Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
This bug was fixed in the package os-prober - 1.81ubuntu2 --- os-prober (1.81ubuntu2) lunar; urgency=medium * Ignore logger socket-errors to workaround apparmor denials. (LP: #1826294) -- Dimitri John Ledkov Tue, 07 Mar 2023 13:28:14 + ** Changed in: os-prober (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: Fix Released Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
Sorry, works just fine in this lunar vm here: # id; logger before; ./reproducer.sh ; logger after uid=0(root) gid=0(root) groups=0(root) + set -e + . /usr/share/os-prober/common.sh + cleanup_tmpdir=false + progname= + type mapdevfs + newns + [ ] + exec /usr/lib/os-prober/newns ./reproducer.sh + set -e + . /usr/share/os-prober/common.sh + cleanup_tmpdir=false + progname= + type mapdevfs + newns + [ 1 ] + log hello + cache_progname + progname=reproducer.sh + logger -t reproducer.sh hello journal: Mar 07 18:25:21 l-rsyslog-osprober root[2073]: before Mar 07 18:25:21 l-rsyslog-osprober reproducer.sh[2075]: hello Mar 07 18:25:21 l-rsyslog-osprober root[2076]: after # uname -r 6.1.0-16-generic # ps axwZ|grep rsyslog|grep -v grep rsyslogd (enforce) 687 ?Ssl0:00 /usr/sbin/rsyslogd -n -iNONE systemd-journald-dev-log.socket is also running. But I tried on amd64. Trying on arm64 will take more time. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: New Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
The syslog-ng profile needs flags=(attach_disconnected) added to it -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: New Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
Steps i can reproduce: wget https://bugs.launchpad.net/ubuntu/+source/os- prober/+bug/1826294/+attachment/5652492/+files/reproducer.sh chmod +x reproducer.sh sudo journalctl -f -e & clear sudo ./reproducer.sh -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: New Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
This is Ubuntu desktop install. rsyslog.service is active and running, systemd-journald-dev-log.socket is running. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: New Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
** Attachment added: "reproducer.sh" https://bugs.launchpad.net/ubuntu/+source/os-prober/+bug/1826294/+attachment/5652492/+files/reproducer.sh -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: New Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
** Merge proposal linked: https://code.launchpad.net/~xnox/ubuntu/+source/os-prober/+git/os-prober/+merge/438461 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: New Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
I'll try to reproduce it and amend the profile as needed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: New Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1826294] Re: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket"
yeah i get apparmor="DENIED" info="Failed name loookup - disconnected path", which breaks os-prober. ** Changed in: os-prober (Ubuntu) Importance: Undecided => Critical ** Also affects: rsyslog (Ubuntu) Importance: Undecided Status: New ** Changed in: rsyslog (Ubuntu) Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1826294 Title: os-prober exits prematurely with "logger: socket /dev/log: Protocol wrong type for socket" Status in AppArmor Profiles: New Status in os-prober package in Ubuntu: New Status in rsyslog package in Ubuntu: New Bug description: Failure occurs on Ubuntu 16.04 with the apparmor- profiles-2.10.95-0ubuntu2.10 package installed. Running update-grub will run /usr/bin/os-prober, which spews about a dozen of the following line to stderr: logger: socket /dev/log: Protocol wrong type for socket … but fails to report the existence of some installed operating systems as expected. Furthermore, /var/log/messages contains: kernel: audit: type=1400 audit(1556043066.679:11460): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="syslog-ng" name="dev/log" pid=28566 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Here is a stripped-down skeleton of the /usr/bin/os-prober script, which demonstrates the problem: #!/bin/sh set -e -x newns () { [ "$OS_PROBER_NEWNS" ] || exec /usr/lib/os-prober/newns "$0" "$@" } log() { logger -t "$(basename "$0")" "$@" } debug() { log "debug: $@" } ls -l /dev/log debug "Hello world" newns "$@" The expected behavior is that it should write "debug: os-prober- testcase Hello world" to /var/log/messages twice. However, it only succeeds in writing "Hello world" once. After the script respawns itself with /usr/lib/os-prober/newns (which is like `unshare -m`), the second attempt to write to /dev/log fails as described above. Since the os-prober Bash script runs with the -e flag, any error, even just a logging error, causes the script to terminate prematurely. (Arguably, the log() function should call `logger -t "$(basename "$0")" "$@" || :` so that logging failures aren't fatal.) The fix, for me, is to edit /etc/apparmor.d/sbin.syslog-ng, and change profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {\ … } to profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain,attach_disconnected) { … } … then run `aa-complain sbin.syslog-ng` and `service syslog-ng restart`, before running update-grub again. I assume that similar fixes would be required for the other logging daemons. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor-profiles/+bug/1826294/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp