Apparmor genprof throwing error (Can't find rsyslog.d)

SUSE Linux Enterprise Server SLES Networking
1

As per title AA genprof is throwing the following error:

ip-10-0-0-200:~ # aa-genprof /usr/sbin/sshd

Can't find include file rsyslog.d: No such file or directory

Running strace against this shows that the the folder “/etc/apparmor.d/rsyslog.d” can’t be found.

open("/etc/apparmor.d/rsyslog.d", O_RDONLY) = -1 ENOENT (No such file or directory)

This is looking to be missing folders from the AA install, has anyone else experienced this or is anyone able to test this on a local SLES machine?

This is a SLES 12 machine running on AWS.

AA software installed:

S | Name                         | Summary                                                             | Type      
--+------------------------------+---------------------------------------------------------------------+-----------
i | apache2-mod_apparmor         | AppArmor module for apache2                                         | package   
  | apparmor                              | AppArmor userlevel parser utility                                   | srcpackage
i | apparmor                              | AppArmor                                                            | pattern   
i | apparmor-docs                      | AppArmor Documentation package                                      | package   
i | apparmor-parser                    | AppArmor userlevel parser utility                                   | package   
i | apparmor-profiles                   | AppArmor profiles that are loaded into the apparmor kernel module   | package   
i | apparmor-utils                        | AppArmor User-Level Utilities Useful for Creating AppArmor Profiles | package   
  | libapparmor-devel                   | Development headers and libraries for libapparmor                   | package   
i | libapparmor1                         | Utility library for AppArmor                                        | package   
  | libapparmor1-32bit                 | Utility library for AppArmor                                        | package   
  | pam_apparmor                      | PAM module for AppArmor change_hat                                  | package   
  | pam_apparmor-32bit              | PAM module for AppArmor change_hat                                  | package   
i | patterns-sles-apparmor           | AppArmor                                                            | package   
  | patterns-sles-apparmor-32bit   | AppArmor                                                            | package   
i | perl-apparmor                         | Perl interface for libapparmor functions                            | package   
i | yast2-apparmor                      | YaST2 - Plugins for AppArmor Profile Management                     | package
2

On 28/04/2015 01:54, nminter wrote:
[color=blue]

As per title AA genprof is throwing the following error:

Code:

ip-10-0-0-200:~ # aa-genprof /usr/sbin/sshd

Can’t find include file rsyslog.d: No such file or directory

--------------------[/color]

On my test SLES12 server when I run the above command I get
“/usr/bin/sshd does not exist, please double-check the path.”

Perhaps you meant “aa-genprof /usr/sbin/ssh” which then gives the above
rsyslog.d error message?
[color=blue]

Running strace against this shows that the the folder
“/etc/apparmor.d/rsyslog.d” can’t be found.

Code:

open(“/etc/apparmor.d/rsyslog.d”, O_RDONLY) = -1 ENOENT (No such file or directory)

--------------------[/color]

On my test SLES12 server /etc/apparmor.d/rsyslog.d doesn’t exist but
/etc/apparmor/profiles/extras/rsyslog.d does (as does /etc/rsyslog.d).
[color=blue]

This is looking to be missing folders from the AA install, has anyone
else experienced this or is anyone able to test this on a local SLES
machine?

This is a SLES 12 machine running on AWS.

AA software installed:

Code:

S | Name | Summary | Type
–±-----------------------------±--------------------------------------------------------------------±----------
i | apache2-mod_apparmor | AppArmor module for apache2 | package
| apparmor | AppArmor userlevel parser utility | srcpackage
i | apparmor | AppArmor | pattern
i | apparmor-docs | AppArmor Documentation package | package
i | apparmor-parser | AppArmor userlevel parser utility | package
i | apparmor-profiles | AppArmor profiles that are loaded into the apparmor kernel module | package
i | apparmor-utils | AppArmor User-Level Utilities Useful for Creating AppArmor Profiles | package
| libapparmor-devel | Development headers and libraries for libapparmor | package
i | libapparmor1 | Utility library for AppArmor | package
| libapparmor1-32bit | Utility library for AppArmor | package
| pam_apparmor | PAM module for AppArmor change_hat | package
| pam_apparmor-32bit | PAM module for AppArmor change_hat | package
i | patterns-sles-apparmor | AppArmor | package
| patterns-sles-apparmor-32bit | AppArmor | package
i | perl-apparmor | Perl interface for libapparmor functions | package
i | yast2-apparmor | YaST2 - Plugins for AppArmor Profile Management | package

--------------------[/color]

On my test SLES12 server I have the rsyslog package installed which
creates both the directories /etc/apparmor/profiles/extras/rsyslog.d and
/etc/rsyslog.d but not /etc/apparmor.d/rsyslog.d.

Ah it seems there’s a problem with
/etc/apparmor/profiles/extras/usr.sbin.rsyslogd which has “#include
<rsyslog.d>” which cause AppArmor to try loading from
/etc/apparmor.d/rsyslog.d. Bug #925512 has already been logged with a
fix in progress.

HTH.

Simon
SUSE Knowledge Partner

If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.

3

I thought I had put sbin rather than bin in that command?

Excellent, hopefully a fix won’t be too far of then.

I’m new to SLES, is there a bug tracker where I can keep an eye on the progress of the bugfix?

4

On 29/04/2015 00:44, nminter wrote:
[color=blue]

I thought I had put sbin rather than bin in that command?[/color]

Oops sorry my bad, yes you did and that command also gives me the same
error.
[color=blue]

Excellent, hopefully a fix won’t be too far of then.[/color]

Hopefully not. I’ll update this thread when it’s available.
[color=blue]

I’m new to SLES, is there a bug tracker where I can keep an eye on the
progress of the bugfix?[/color]

SUSE’s bug tracker is @ bugzilla.suse.com but not all bugs (or all
details of individual bugs) are public and you need to be authorised to
see all/some details.

HTH.

Simon
SUSE Knowledge Partner

If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.

5

Thanks Simon, I found SUSE bugzilla setup after a bit of a search and noted that I couldn’t see the details on the bug reference.

Just a waiting game from here then.

6

For anyone else that is having this issue in a new system adding a basic profile to /etc/apparmor/usr.sbin.sshd will allow you to use aa-genprof to profile sshd.

Example base profile:

# Last Modified: Wed May  6 12:41:39 2015
#include <tunables/global>

/usr/sbin/sshd {
  #include <abstractions/base>

  /usr/sbin/sshd mr,

}

This should also work for any other programs complaining about the rsyslogd dependency.