Public bug reported:
There is an AppArmor regression in current noble. In cockpit we recently
started to test on noble (to prevent the "major regressions after
release" fiasco from 23.10 again).
For some weird reason, rsyslog is installed *by default* [1] in the
cloud images. That is a rather pointless waste of CPU and disk space, as
it's an unnecessary running daemon and duplicates all the written logs.
But more specifically, we noticed [2] an AppArmor rejection. Reproducer
is simple:
logger -p user.emerg --tag check-journal EMERGENCY_MESSAGE
this causes
type=1400 audit(1710168739.345:108): apparmor="DENIED"
operation="open" class="file" profile="rsyslogd"
name="/run/systemd/sessions/" pid=714 comm=72733A6D61696E20513A526567
requested_mask="r" denied_mask="r" fsuid=102 ouid=0
Note that it doesn't actually fail, the "EMERGENCY_MESSAGE" does appear
in the journal and also in /var/log/syslog. But it's some noise that
triggers our (and presumbly other admin's) log detectors.
rsyslog 8.2312.0-3ubuntu3
apparmor 4.0.0~alpha4-0ubuntu1
[1]
https://cloud-images.ubuntu.com/daily/server/noble/current/noble-server-cloudimg-amd64.manifest
[2]
https://cockpit-logs.us-east-1.linodeobjects.com/pull-6048-20240311-125838-b465e9b2-ubuntu-stable-other-cockpit-project-cockpit/log.html#118
** Affects: rsyslog (Ubuntu)
Importance: Undecided
Status: New
** Affects: rsyslog (Ubuntu Noble)
Importance: Undecided
Status: New
** Tags: apparmor cockpit-test noble regression-release
** Also affects: rsyslog (Ubuntu Noble)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2056768
Title:
apparmor="DENIED" operation="open" class="file" profile="rsyslogd"
name="/run/systemd/sessions/"
Status in rsyslog package in Ubuntu:
New
Status in rsyslog source package in Noble:
New
Bug description:
There is an AppArmor regression in current noble. In cockpit we
recently started to test on noble (to prevent the "major regressions
after release" fiasco from 23.10 again).
For some weird reason, rsyslog is installed *by default* [1] in the
cloud images. That is a rather pointless waste of CPU and disk space,
as it's an unnecessary running daemon and duplicates all the written
logs.
But more specifically, we noticed [2] an AppArmor rejection.
Reproducer is simple:
logger -p user.emerg --tag check-journal EMERGENCY_MESSAGE
this causes
type=1400 audit(1710168739.345:108): apparmor="DENIED"
operation="open" class="file" profile="rsyslogd"
name="/run/systemd/sessions/" pid=714 comm=72733A6D61696E20513A526567
requested_mask="r" denied_mask="r" fsuid=102 ouid=0
Note that it doesn't actually fail, the "EMERGENCY_MESSAGE" does
appear in the journal and also in /var/log/syslog. But it's some noise
that triggers our (and presumbly other admin's) log detectors.
rsyslog 8.2312.0-3ubuntu3
apparmor 4.0.0~alpha4-0ubuntu1
[1]
https://cloud-images.ubuntu.com/daily/server/noble/current/noble-server-cloudimg-amd64.manifest
[2]
https://cockpit-logs.us-east-1.linodeobjects.com/pull-6048-20240311-125838-b465e9b2-ubuntu-stable-other-cockpit-project-cockpit/log.html#118
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2056768/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
