syslog-ng is not able to start when apparmor enabled #4853

Open
ntsbtz opened this issue Mar 12, 2024 · 2 comments

ntsbtz commented Mar 12, 2024

syslog-ng

Version of syslog-ng

syslog-ng - 4.3.1
apparmor - 3.1.2
systemd - 255.2

Platform

Photon Dev

Debug bundle

Issue

Failure

syslog-ng startup failed both ways, whether the binary was executed manually or started with systemctl, when apparmor is enabled.

logs

=============
[ 4169.963126] audit: type=1400 audit(1710230495.234:699): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2264 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[ 4169.963152] audit: type=1300 audit(1710230495.234:699): arch=c000003e syscall=46 success=no exit=-13 a0=b a1=7ffd17e5fab0 a2=4000 a3=7ffd17e5fa34 items=0 ppid=1 pid=2264 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="syslog-ng" exe="/usr/sbin/syslog-ng" subj=syslog-ng key=(null)
[ 4169.963160] audit: type=1327 audit(1710230495.234:699): proctitle=2F7573722F7362696E2F7379736C6F672D6E67002D46
[ 4169.985585] audit: type=1400 audit(1710230495.254:700): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2494 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[ 4169.985599] audit: type=1300 audit(1710230495.254:700): arch=c000003e syscall=46 success=no exit=-13 a0=4 a1=7ffcade13140 a2=4000 a3=7ffcade130c4 items=0 ppid=1 pid=2494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="syslog-ng" exe="/usr/sbin/syslog-ng" subj=syslog-ng key=(null)
[ 4169.985707] audit: type=1327 audit(1710230495.254:700): proctitle=2F7573722F7362696E2F7379736C6F672D6E67002D46
[ 4170.016211] audit: type=1400 audit(1710230495.286:701): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2494 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[ 4170.016216] audit: type=1300 audit(1710230495.286:701): arch=c000003e syscall=46 success=no exit=-13 a0=2d a1=7ffcade13280 a2=4000 a3=7ffcade13204 items=0 ppid=1 pid=2494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="syslog-ng" exe="/usr/sbin/syslog-ng" subj=syslog-ng key=(null)
[ 4170.016218] audit: type=1327 audit(1710230495.286:701): proctitle=2F7573722F7362696E2F7379736C6F672D6E67002D46
[ 4170.016242] audit: type=1400 audit(1710230495.286:702): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2494 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

syslog-ng -Fedv

==============
[2024-03-12T08:04:37.580598] Outgoing message; message='2024-03-12T08:04:37.118+00:00 photon-machine .journald.MESSAGE="audit: type=1400 audit(1710230677.113:717): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2533 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0" .journald.PRIORITY=5 .journald.SYSLOG_FACILITY=0 .journald.SYSLOG_IDENTIFIER=kernel .journald._BOOT_ID=7d92442baea34ec7b7de4411275f4ae9 .journald._HOSTNAME=photon-machine .journald._MACHINE_ID=2fd7b378813747179cd84278ad3b295c .journald._RUNTIME_SCOPE=system .journald._SOURCE_MONOTONIC_TIMESTAMP=4351833579 .journald._TRANSPORT=kernel HOST=photon-machine HOST_FROM=photon-machine MESSAGE="audit: type=1400 audit(1710230677.113:717): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2533 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0" PROGRAM=kernel SOURCE=s_local\x0a'
[2024-03-12T08:04:37.580737] Outgoing message; message='2024-03-12T08:04:37.118+00:00 photon-machine .journald.MESSAGE="audit: type=1300 audit(1710230677.113:717): arch=c000003e syscall=46 success=no exit=-13 a0=2d a1=7ffc0dadf8d0 a2=4000 a3=7ffc0dadf854 items=0 ppid=1 pid=2533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="syslog-ng" exe="/usr/sbin/syslog-ng" subj=syslog-ng key=(null)" .journald.PRIORITY=5 .journald.SYSLOG_FACILITY=0 .journald.SYSLOG_IDENTIFIER=kernel .journald._BOOT_ID=7d92442baea34ec7b7de4411275f4ae9 .journald._HOSTNAME=photon-machine .journald._MACHINE_ID=2fd7b378813747179cd84278ad3b295c .journald._RUNTIME_SCOPE=system .journald._SOURCE_MONOTONIC_TIMESTAMP=4351833593 .journald._TRANSPORT=kernel HOST=photon-machine HOST_FROM=photon-machine MESSAGE="audit: type=1300 audit(1710230677.113:717): arch=c000003e syscall=46 success=no exit=-13 a0=2d a1=7ffc0dadf8d0 a2=4000 a3=7ffc0dadf854 items=0 ppid=1 pid=2533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(non'
[2024-03-12T08:04:37.580849] Outgoing message; message='2024-03-12T08:04:37.118+00:00 photon-machine .journald.MESSAGE="audit: type=1327 audit(1710230677.113:717): proctitle=2F7573722F7362696E2F7379736C6F672D6E67002D46" .journald.PRIORITY=5 .journald.SYSLOG_FACILITY=0 .journald.SYSLOG_IDENTIFIER=kernel .journald._BOOT_ID=7d92442baea34ec7b7de4411275f4ae9 .journald._HOSTNAME=photon-machine .journald._MACHINE_ID=2fd7b378813747179cd84278ad3b295c .journald._RUNTIME_SCOPE=system .journald._SOURCE_MONOTONIC_TIMESTAMP=4351833601 .journald._TRANSPORT=kernel HOST=photon-machine HOST_FROM=photon-machine MESSAGE="audit: type=1327 audit(1710230677.113:717): proctitle=2F7573722F7362696E2F7379736C6F672D6E67002D46" PROGRAM=kernel SOURCE=s_local\x0a'
[2024-03-12T08:04:37.580983] Outgoing message; message='2024-03-12T08:04:37.118+00:00 photon-machine .journald.MESSAGE="audit: type=1400 audit(1710230677.113:718): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2533 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0" .journald.PRIORITY=5 .journald.SYSLOG_FACILITY=0 .journald.SYSLOG_IDENTIFIER=kernel .journald._BOOT_ID=7d92442baea34ec7b7de4411275f4ae9 .journald._HOSTNAME=photon-machine .journald._MACHINE_ID=2fd7b378813747179cd84278ad3b295c .journald._RUNTIME_SCOPE=system .journald._SOURCE_MONOTONIC_TIMESTAMP=4351833608 .journald._TRANSPORT=kernel HOST=photon-machine HOST_FROM=photon-machine MESSAGE="audit: type=1400 audit(1710230677.113:718): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2533 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0" PROGRAM=kernel SOURCE=s_local\x0a'
^C[2024-03-12T08:04:42.863808] Running application hooks; hook='3'
[2024-03-12T08:04:42.863849] syslog-ng shutting down; version='4.3.1'
[2024-03-12T08:04:42.966947] Running application hooks; hook='4'

Steps to reproduce

  1. Enable apparmor while booting
  2. Install syslog-ng, apparmor
  3. aa-enable, aa-enforce syslog-ng
  4. Reload and start apparmor using systemctl
  5. Try to start syslog-ng using systemctl

Configuration

```
#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages.

@Version: 4.3
@include "scl.conf"

source s_local {
    system();
    internal();
};

source s_network {
    default-network-drivers(
        # NOTE: TLS support
        #
        # the default-network-drivers() source driver opens the TLS
        # enabled ports as well, however without an actual key/cert
        # pair they will not operate and syslog-ng would display a
        # warning at startup.
        #
        #tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
    );
};

destination d_local {
    file("/var/log/messages");
    file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};

log {
    source(s_local);

    # uncomment this line to open port 514 to receive messages
    #source(s_network);
    destination(d_local);

};
```

Input and output logs (if possible)

@ntsbtz ntsbtz added the bug label Mar 12, 2024

ntsbtz commented Mar 15, 2024

Hi @bazsi,

Can you please give your thoughts on this? Also, if needed, add the right person.

Collaborator

bazsi commented Apr 3, 2024

The default apparmor policy seems to reject connecting to the systemd notification socket, and that causes the startup to fail.

I've added these lines to the profile (/etc/apparmor.d/sbin.syslog-ng) and it started up for me:

  @{run}/systemd/notify w,
  /usr/bin/dash ix,
  /bin/sh ix,
  /usr/share/syslog-ng/include/scl/getvirtconsole/tty10.sh ix,

Some of these might be ubuntu specific (I am running ubuntu and that's where I reproduced your issue).

Some of this can be eliminated if you remove the

destination d_console_all { getvirtconsole(); };

from the default config, which uses the shell to generate where to send console logs (which is not a very good idea anyway, due to how slow those consoles can be).
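As an added example (not part of this issue or of syslog-ng), the Python below turns kernel audit denials like the ones pasted above into the profile rule that resolves them: it keeps only `type=1400` AppArmor denials, merges repeats per profile and path, and counts how many distinct syslog-ng PIDs hit each denial, which separates a repeatable startup failure from a one-off event. The `PATH_ALIASES` mapping of the kernel-reported `/systemd/notify` to `@{run}/systemd/notify` is an assumption taken from the rule bazsi added, and the sample records are constructed from the issue's log.

```python
"""AppArmor DENIED audit records -> candidate profile rules (added example)."""
import re
from collections import defaultdict
# Constructed sample: two type=1400 denials quoted in the issue plus one type=1300
# syscall record, which has no AppArmor fields and must be skipped.
SAMPLE_AUDIT = """\
[ 4169.963126] audit: type=1400 audit(1710230495.234:699): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2264 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[ 4169.963152] audit: type=1300 audit(1710230495.234:699): arch=c000003e syscall=46 success=no exit=-13 pid=2264 comm="syslog-ng" exe="/usr/sbin/syslog-ng" subj=syslog-ng key=(null)
[ 4169.985585] audit: type=1400 audit(1710230495.254:700): apparmor="DENIED" operation="sendmsg" profile="syslog-ng" name="/systemd/notify" pid=2494 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
"""

# key=value fields; a value is a double-quoted string or a bare token.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption taken from the rule bazsi added: the notify socket is reported
# relative to the /run mount, so the rule needs @{run} in front of the path.
PATH_ALIASES = {"/systemd/": "@{run}/systemd/"}

def parse_audit_line(line):
    """Return the key=value fields of one audit record as a dict."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in _KV.findall(line)}

def apparmor_denials(text):
    """Yield the parsed records that are AppArmor (type=1400) denials."""
    for line in text.splitlines():
        rec = parse_audit_line(line)
        if rec.get("type") == "1400" and rec.get("apparmor") == "DENIED":
            yield rec

def to_profile_path(name):
    """Rewrite a kernel-reported path into the spelling used in the profile."""
    for kernel_prefix, profile_prefix in PATH_ALIASES.items():
        if name.startswith(kernel_prefix):
            return profile_prefix + name[len(kernel_prefix):]
    return name

def suggest_rules(text):
    """Merge denials per (profile, path) into {profile: [(rule, distinct_pids)]}."""
    masks = defaultdict(set)  # (profile, path) -> union of denied_mask letters
    # Distinct PIDs per denial: several PIDs on one path means every new
    # syslog-ng process hits the same wall, i.e. a repeatable startup failure.
    pids = defaultdict(set)
    for rec in apparmor_denials(text):
        key = (rec["profile"], rec["name"])
        masks[key].update(rec["denied_mask"])
        pids[key].add(rec["pid"])
    rules = defaultdict(list)
    for (profile, name), mask in sorted(masks.items()):
        rule = "%s %s," % (to_profile_path(name), "".join(sorted(mask)))
        rules[profile].append((rule, len(pids[(profile, name)])))
    return dict(rules)
```

Running `suggest_rules(SAMPLE_AUDIT)` yields the single rule `@{run}/systemd/notify w,` for the `syslog-ng` profile, denied for two different PIDs, which matches the first line bazsi added to the profile.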
