omprog is quite hard to confine correctly in a way that is still usable
for all cases. Whatever you do, it would be best to deal with local
overrides, and not change the main profile shipped by the rsyslog
package.

That being said, I don't know of a way to override the flag: the current
override mechanism is just an inclusion mechanism, so you can add other
rules to the profile. Just to check that it would work, you could try to
allow rsyslog to execute php under a different profile that you will
create, and there you could allow the disconnected flag. You would
transition from the rsyslog confinement to a "librenmslogging" one that
you would create.

This readme file[1] explains how apparmor was added to the rsyslog
package, and talks about a package-supplied override mechanism (but it's
also just an include mechanism). The more generic override, meant for
administrators of local systems, is via
/etc/apparmor.d/local/usr.sbin.rsyslog



1. https://git.launchpad.net/ubuntu/+source/rsyslog/tree/debian/README.apparmor

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1373070

Title:
  full fix for disconnected path (paths)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1373070/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to