| View previous topic :: View next topic |
| Author |
Message |
Da51d
n00b
Joined: 27 Mar 2024
Posts: 12
|
 Posted: Thu Apr 04, 2024 7:49 pm Post subject: Apparmor denied syslogd mknod /run/syslogd.cache |
 |
|
Hello everyone,
I have installed apparmor. The command dmesg | grep apparmor prints 1141 almost identical lines:
[19684.845855] audit: type=1400 audit(1712258611.687:7545): apparmor="DENIED" operation="mknod" class="file" profile="syslogd" name="/run/syslogd.cache" pid=1758 comm="syslogd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0.
I am inclined to simply make a rule to allow syslogd to mknod /run/syslogd.cache. Is there any reason that it shouldn't be allowed to? Will it's inability to do this affect something important? Can I simply allow it, basically?
_________________
What can be said at all can be said clearly and what we cannot talk about we must pass over in silence. |
|
| Back to top |
|
 |
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5069
Location: Bavaria
|
| Posted: Thu Apr 04, 2024 9:43 pm Post subject: Re: Apparmor denied syslogd mknod /run/syslogd.cache |
|
|
| Da51d wrote: | | [...] Can I simply allow it, basically? |
Yes, you should allow it ... see man syslogd:
| Quote: | /var/run/syslogd.cache
cache of last read sequence number from /dev/kmsg. Please note, syslogd relies on this file being removed at system reboot. |
I guess there is a mismatch between /run/... and /var/run/...
( there is also a /run/syslogd.pid which is probably already allowed )
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
Da51d
n00b
Joined: 27 Mar 2024
Posts: 12
|
| Posted: Thu Apr 04, 2024 9:53 pm Post subject: |
|
|
Okay, thankyou pietinger. It may be caused by the fact that the package sys-process/audit is not installed (I have just discovered), so I will install that first and see if the messages stop, before making a specific rule. Thank you again for your help.
_________________
What can be said at all can be said clearly and what we cannot talk about we must pass over in silence. |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5069
Location: Bavaria
|
|
| Back to top |
|
|
Da51d
n00b
Joined: 27 Mar 2024
Posts: 12
|
| Posted: Thu Apr 04, 2024 10:23 pm Post subject: |
|
|
Okay, that was the problem ... I had not installed the sys-process/audit package. With that installed and audit added to the default runlevel the messages have ceased.
Pietinger, at the moment just the default profiles ... I am just about to make profiles for firefox and libreoffice. This is the list returned by aa-status
/usr/lib/apache2/mpm-prefork/apache2 /usr/lib/apache2/mpm-prefork/apache2//DEFAULT_URI
/usr/lib/apache2/mpm-prefork/apache2//HANDLING_UNTRUSTED_INPUT /usr/lib/apache2/mpm-prefork/apache2//phpsysinfo
apache2 apache2//DEFAULT_URI apache2//HANDLING_UNTRUSTED_INPUT apache2//phpsysinfo
avahi-daemon dnsmasq dnsmasq//libvirt_leaseshelper dovecot dovecot-anvil dovecot-auth
dovecot-config dovecot-deliver dovecot-dict dovecot-director dovecot-doveadm-server
dovecot-dovecot-auth dovecot-dovecot-lda dovecot-dovecot-lda//sendmail dovecot-imap
dovecot-imap-login dovecot-lmtp dovecot-log dovecot-managesieve dovecot-managesieve-login
dovecot-pop3 dovecot-pop3-login dovecot-replicator dovecot-script-login dovecot-ssl-params
dovecot-stats identd klogd lsb_release mdnsd nmbd nscd ntpd nvidia_modprobe
nvidia_modprobe//kmod php-fpm ping samba-bgqd samba-dcerpcd samba-rpcd samba-rpcd-classic
samba-rpcd-spoolss smbd smbldap-useradd smbldap-useradd///etc/init.d/nscd syslog-ng
syslogd traceroute winbindd zgrep zgrep//helper zgrep//sed
Thanks for the links. I shall watch the youtube video before I get started.
_________________
What can be said at all can be said clearly and what we cannot talk about we must pass over in silence. |
|
| Back to top |
|
|
|
Networking & Security
