Results 1 to 6 of 6

Thread: Apparmor genprof throwing error (Can't find rsyslog.d)

Hybrid View

  1. #1
    Join Date
    Apr 2015
    Location
    Sydney, Australia
    Posts
    4

    Apparmor genprof throwing error (Can't find rsyslog.d)

    As per title AA genprof is throwing the following error:

    Code:
    ip-10-0-0-200:~ # aa-genprof /usr/sbin/sshd
    
    Can't find include file rsyslog.d: No such file or directory
    Running strace against this shows that the the folder "/etc/apparmor.d/rsyslog.d" can't be found.

    Code:
    open("/etc/apparmor.d/rsyslog.d", O_RDONLY) = -1 ENOENT (No such file or directory)
    This is looking to be missing folders from the AA install, has anyone else experienced this or is anyone able to test this on a local SLES machine?

    This is a SLES 12 machine running on AWS.

    AA software installed:

    Code:
    S | Name                         | Summary                                                             | Type      
    --+------------------------------+---------------------------------------------------------------------+-----------
    i | apache2-mod_apparmor         | AppArmor module for apache2                                         | package   
      | apparmor                              | AppArmor userlevel parser utility                                   | srcpackage
    i | apparmor                              | AppArmor                                                            | pattern   
    i | apparmor-docs                      | AppArmor Documentation package                                      | package   
    i | apparmor-parser                    | AppArmor userlevel parser utility                                   | package   
    i | apparmor-profiles                   | AppArmor profiles that are loaded into the apparmor kernel module   | package   
    i | apparmor-utils                        | AppArmor User-Level Utilities Useful for Creating AppArmor Profiles | package   
      | libapparmor-devel                   | Development headers and libraries for libapparmor                   | package   
    i | libapparmor1                         | Utility library for AppArmor                                        | package   
      | libapparmor1-32bit                 | Utility library for AppArmor                                        | package   
      | pam_apparmor                      | PAM module for AppArmor change_hat                                  | package   
      | pam_apparmor-32bit              | PAM module for AppArmor change_hat                                  | package   
    i | patterns-sles-apparmor           | AppArmor                                                            | package   
      | patterns-sles-apparmor-32bit   | AppArmor                                                            | package   
    i | perl-apparmor                         | Perl interface for libapparmor functions                            | package   
    i | yast2-apparmor                      | YaST2 - Plugins for AppArmor Profile Management                     | package

  2. #2

    Re: Apparmor genprof throwing error (Can't find rsyslog.d)

    On 28/04/2015 01:54, nminter wrote:

    > As per title AA genprof is throwing the following error:
    >
    >
    > Code:
    > --------------------
    >
    > ip-10-0-0-200:~ # aa-genprof /usr/sbin/sshd
    >
    > Can't find include file rsyslog.d: No such file or directory
    >
    > --------------------


    On my test SLES12 server when I run the above command I get
    "/usr/bin/sshd does not exist, please double-check the path."

    Perhaps you meant "aa-genprof /usr/sbin/ssh" which then gives the above
    rsyslog.d error message?

    > Running strace against this shows that the the folder
    > "/etc/apparmor.d/rsyslog.d" can't be found.
    >
    >
    > Code:
    > --------------------
    >
    > open("/etc/apparmor.d/rsyslog.d", O_RDONLY) = -1 ENOENT (No such file or directory)
    >
    > --------------------


    On my test SLES12 server /etc/apparmor.d/rsyslog.d doesn't exist but
    /etc/apparmor/profiles/extras/rsyslog.d does (as does /etc/rsyslog.d).

    > This is looking to be missing folders from the AA install, has anyone
    > else experienced this or is anyone able to test this on a local SLES
    > machine?
    >
    > This is a SLES 12 machine running on AWS.
    >
    > AA software installed:
    >
    >
    > Code:
    > --------------------
    >
    > S | Name | Summary | Type
    > --+------------------------------+---------------------------------------------------------------------+-----------
    > i | apache2-mod_apparmor | AppArmor module for apache2 | package
    > | apparmor | AppArmor userlevel parser utility | srcpackage
    > i | apparmor | AppArmor | pattern
    > i | apparmor-docs | AppArmor Documentation package | package
    > i | apparmor-parser | AppArmor userlevel parser utility | package
    > i | apparmor-profiles | AppArmor profiles that are loaded into the apparmor kernel module | package
    > i | apparmor-utils | AppArmor User-Level Utilities Useful for Creating AppArmor Profiles | package
    > | libapparmor-devel | Development headers and libraries for libapparmor | package
    > i | libapparmor1 | Utility library for AppArmor | package
    > | libapparmor1-32bit | Utility library for AppArmor | package
    > | pam_apparmor | PAM module for AppArmor change_hat | package
    > | pam_apparmor-32bit | PAM module for AppArmor change_hat | package
    > i | patterns-sles-apparmor | AppArmor | package
    > | patterns-sles-apparmor-32bit | AppArmor | package
    > i | perl-apparmor | Perl interface for libapparmor functions | package
    > i | yast2-apparmor | YaST2 - Plugins for AppArmor Profile Management | package
    >
    > --------------------


    On my test SLES12 server I have the rsyslog package installed which
    creates both the directories /etc/apparmor/profiles/extras/rsyslog.d and
    /etc/rsyslog.d but not /etc/apparmor.d/rsyslog.d.

    Ah it seems there's a problem with
    /etc/apparmor/profiles/extras/usr.sbin.rsyslogd which has "#include
    <rsyslog.d>" which cause AppArmor to try loading from
    /etc/apparmor.d/rsyslog.d. Bug #925512 has already been logged with a
    fix in progress.

    HTH.
    --
    Simon
    SUSE Knowledge Partner

    ------------------------------------------------------------------------
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below. Thanks.
    ------------------------------------------------------------------------

  3. #3
    Join Date
    Apr 2015
    Location
    Sydney, Australia
    Posts
    4

    Re: Apparmor genprof throwing error (Can't find rsyslog.d)

    Quote Originally Posted by smflood View Post
    On my test SLES12 server when I run the above command I get
    "/usr/bin/sshd does not exist, please double-check the path."

    Perhaps you meant "aa-genprof /usr/sbin/ssh" which then gives the above
    rsyslog.d error message?
    [color=blue]
    I thought I had put sbin rather than bin in that command?

    Quote Originally Posted by smflood View Post
    Ah it seems there's a problem with
    /etc/apparmor/profiles/extras/usr.sbin.rsyslogd which has "#include
    <rsyslog.d>" which cause AppArmor to try loading from
    /etc/apparmor.d/rsyslog.d. Bug #925512 has already been logged with a
    fix in progress.
    Excellent, hopefully a fix won't be too far of then.

    I'm new to SLES, is there a bug tracker where I can keep an eye on the progress of the bugfix?

  4. #4

    Re: Apparmor genprof throwing error (Can't find rsyslog.d)

    On 29/04/2015 00:44, nminter wrote:

    > I thought I had put sbin rather than bin in that command?


    Oops sorry my bad, yes you did and that command also gives me the same
    error.

    > Excellent, hopefully a fix won't be too far of then.


    Hopefully not. I'll update this thread when it's available.

    > I'm new to SLES, is there a bug tracker where I can keep an eye on the
    > progress of the bugfix?


    SUSE's bug tracker is @ bugzilla.suse.com but not all bugs (or all
    details of individual bugs) are public and you need to be authorised to
    see all/some details.

    HTH.
    --
    Simon
    SUSE Knowledge Partner

    ------------------------------------------------------------------------
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below. Thanks.
    ------------------------------------------------------------------------

  5. #5
    Join Date
    Apr 2015
    Location
    Sydney, Australia
    Posts
    4

    Re: Apparmor genprof throwing error (Can't find rsyslog.d)

    Thanks Simon, I found SUSE bugzilla setup after a bit of a search and noted that I couldn't see the details on the bug reference.

    Just a waiting game from here then.

  6. #6
    Join Date
    Apr 2015
    Location
    Sydney, Australia
    Posts
    4

    Re: Apparmor genprof throwing error (Can't find rsyslog.d)

    For anyone else that is having this issue in a new system adding a basic profile to /etc/apparmor/usr.sbin.sshd will allow you to use aa-genprof to profile sshd.

    Example base profile:

    Code:
    # Last Modified: Wed May  6 12:41:39 2015
    #include <tunables/global>
    
    /usr/sbin/sshd {
      #include <abstractions/base>
    
      /usr/sbin/sshd mr,
    
    }
    This should also work for any other programs complaining about the rsyslogd dependency.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •