aa-logprof: doesn't work complain mode in new syslog conf(using /var/log/syslog)
Bug #835838 reported by
yama
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Medium
|
Jamie Strandboge |
Bug Description
Ubuntu 11.04
/etc/apparmor/
logfiles = /var/log/
It is not read after that when /var/log/messages files are 0 bytes.
Therefore, the /var/log/syslog/ file is not read, and aa-logprof ends.
Changed in apparmor (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
status: | Confirmed → In Progress |
importance: | Undecided → Medium |
Changed in apparmor (Ubuntu): | |
milestone: | none → ubuntu-11.10-beta-2 |
To post a comment you must log in.
I can reproduce this bug with upgraded natty/oneiric, not clean-installed.
Because clean-installed natty/oneiric does not have /var/log/messages. But if we upgrade maverick -> natty (-> oneiric), that cause 0-byte /var/log/messages.
So, we need change the logfiles entiry. ======= ======= ======= ======= ======= ======= ======= ======= profiledir = /usr/share/ doc/apparmor- profiles/ extras audit/audit. log /var/log/messages /var/log/syslog audit/audit. log /var/log/syslog /var/log/messages
=======
$ diff -u logprof.conf.orig logprof.conf
--- logprof.conf.orig 2011-04-19 02:36:30.000000000 +0900
+++ logprof.conf 2011-08-28 14:55:56.762774378 +0900
@@ -11,7 +11,7 @@
[settings]
profiledir = /etc/apparmor.d /etc/subdomain.d
inactive_
- logfiles = /var/log/
+ logfiles = /var/log/
parser = /sbin/apparmor_ parser /sbin/subdomain _parser ======= ======= ======= ======= ======= ======= ======= =======
ldd = /usr/bin/ldd
=======