I'm having second thoughts about the "deny / r," rule, because it affects rsyslog as a whole, and not just the imfile module.
With that rule in place, we won't know (via apparmor logs) if we are suddenly blocking something else in rsyslog, and this could make troubleshooting harder in the future. The alternative is to allow it: "/ r," essentially, like it's being done for "/var/" and "/var/log/". There is no easy way to add the rule for "/" just when the imfile module is being used. I'll discuss this with @jjohansen next week. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2101180 Title: Multiple DENIED apparmor messages when using rsyslog with the imfile module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2101180/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
