My experience with selinux (similar though different) is that it freaked out when I symlinked things in a way the os policies didn't expect me to do. I had to jump through a bunch of hoops to tweak the os selinux policies to do its thing based on how I (the system integrator) wanted things to look like. Eventually I just turned selinux off as it was too much pain to deal with.
Yeah. I know. I know. I know. :-) On Saturday, December 13, 2025 at 11:07:37 AM UTC-8 John Steggall wrote: > In the my original post I had followed the recipe specified in: > > Make rsyslog on Linux save WeeWX logs separate from system > https://github.com/weewx/weewx/wiki/logging > > That resulted in the error messages I mentioned above. Though the wiki > specifies symlinking from the directory /etc/rsyslog.d/ to > /etc/weewx/rsyslog.d/weewx.conf, Vince suggested that the weewx.conf file > should instead be copied to /etc/rsyslog.d/. Indeed, this was *part* of the > solution, at least for Linux Mint (an Ubuntu derivative). Apparmor did > *not* like the symlink. > > On the other hand, logrotate does not mind if /etc/logrotate.d/weewx is a > symlink to /etc/weewx/logrotate.d/weewx. > > After, some debugging, here is a list of other things I had to do in order > to get separate logging to work on my system (Linux Mint 22.2 and probably > Ubuntu): > > * /var/log/weewx -- remove group write permissions from this directory: > $ sudo chmod g-w /var/log/weewx > > * /etc/weewx/logrotate.d/weewx -- should be owned by root, with weewx group > $ sudo chown root:weewx /etc/weewx/logrotate.d/weewx > > * /etc/weewx/logrotate.d/weewx -- remove group write permissions: > $ sudo chmod g-w /etc/weewx/logrotate.d/weewx > > * /var/log/weewx/weewxd.log must be owned by syslog: > $ sudo chown syslog:syslog /var/log/weewx/weewx.log > > On Monday, December 8, 2025 at 10:17:31 PM UTC-8 vince wrote: > >> Not an apparmor user, but I do have a question. Why would the os >> possibly be complaining about /etc/weewx/rsyslog.d/weewx.conf which is a >> provided template file you're supposed to copy to /etc/rsyslog.d ? You >> didn't symlink to it or something did you ? You're supposed to copy it >> into the /etc/rsyslog.d directory... >> >> >> On Monday, December 8, 2025 at 8:24:55 PM UTC-8 John Steggall wrote: >> >>> I've set up separate rsyslog logging for weewx, following the >>> documentation and Vince's recent post. This is on a Linux Mint 22.2 system >>> with an apt installation of weewx. When I restart rsyslog, I get the >>> following error: >>> >>> 2025-12-08T20:07:51.092692-08:00 XPS-13-9370 kernel: audit: type=1400 >>> audit(1765253271.090:163): apparmor="DENIED" operation="open" class="file" >>> profile="rsyslogd" name="/etc/weewx/rsyslog.d/weewx.conf" pid=1343000 >>> comm="rsyslogd" requested_mask="r" denied_mask="r" fsuid=0 ouid=131 >>> >>> I did a bit of research on apparmor and it looks like kind of a pain to >>> navigate (e.g., >>> https://www.maketecheasier.com/understanding-apparmor-in-ubuntu-linux/). >>> >>> Wondering if anyone has an easy solution or perhaps I should disable >>> apparmor for rsyslog? >>> >>> -js >>> >> -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/weewx-user/19b5b523-dd5e-4028-afd0-0f525aede3a6n%40googlegroups.com.
