Fun stuff. Got bitten by this for rsyslogd now.
LibreNMS has an rsyslog config to log through its syslog.php:
if $syslogpriority < 7 then action(type="omprog"
binary="/srv/librenms/syslog.php" template="librenms")
That should be easy to allow:
/usr/bin/php* ix,
/usr/bin/stty ix,
/etc/php/** r,
/srv/librenms/syslog.php ix,
/srv/librenms/** rwk,
/{,var/}run/mysqld/mysqld.sock rw,
But alas, the connect to mysqld.sock fails with:
audit: type=1400 audit(1736955305.142:295109): apparmor="DENIED"
operation="connect" class="file" info="Failed name lookup - disconnected
path" error=-13 profile="rsyslogd" name="run/mysqld/mysqld.sock"
pid=680226 comm="php" requested_mask="wr" denied_mask="wr" fsuid=104
ouid=111
There are two ways to work around that:
- instead of DB_HOST=localhost (which implies unix socket), set
DB_HOST=127.0.0.1 so we get TCP, which works
- add `flags=(attach_disconnected)` to the rsyslog profile (which is
maintained in the rsyslog package)
Is there a better way?
Cheers,
Walter Doekes
OSSO B.V.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1373070
Title:
full fix for disconnected path (paths)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1373070/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
