** Description changed: [ Impact ] - * An explanation of the effects of the bug on users and justification - for backporting the fix to the stable release. + rsyslog has an apparmor profile that we have been fine tuning as ubuntu + releases go by. Every now and then, a new rule needs to be added. - * In addition, it is helpful, but not required, to include an - explanation of how the upload fixes this bug. + In this particular case, the usage of the imjournal[1] module is being + blocked by apparmor. Specifically, these accesses are being denied: + + apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/log/journal/" pid=3351 comm="in:imjournal" requested_mask="r" denied_mask="r" fsuid=102 ouid=0 + apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/etc/machine-id" pid=3351 comm="in:imjournal" requested_mask="r" denied_mask="r" fsuid=102 ouid=0 + + This prevents the imjournal module from being used. + + + 1. https://www.rsyslog.com/doc/configuration/modules/imjournal.html [ Test Plan ] - * detailed instructions how to reproduce the bug + - Deploy the ubuntu release under verification in a VM - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package - fixes the problem. + - enable the imjournal module by creating a config file for it (the + whole command in one line): - * if other testing is appropriate to perform before landing this - update, this should also be described here. + echo 'module(load="imjournal" fileCreateMode="0666" + PersistStateInterval="999" + StateFile="/var/spool/rsyslog/journal_state")' | sudo tee + /etc/rsyslog.d/10-imjournal.conf + + - in another terminal, run this dmesg command: + + sudo dmesg -wT | grep apparmor | grep rsyslog + + - in yet another terminal, tail the logs: + + tail -f /var/log/syslog | grep rsyslogd + + - restart rsyslog: + + sudo systemctl restart rsyslog + + - with the affected version of rsyslog installed, you will see the + apparmor DENIED messages in the dmesg terminal, and error messages about + "imjournal" in the syslog logs + + - with the package from proposed, there should be no apparmor DENIED + messages, and no imjournal errors + [ Where problems could occur ] - * Think about what the upload changes in the software. Imagine the - change is wrong or breaks something else: how would this show up? + The extra apparmor rules we are adding allow reading of the systemd + journal, and the /etc/machine-id file. There are no extra rules allowing + writing, but we are allowing rsyslog to have access to more logs. But + that is its purpose, after all. - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the event - of a regression. + Specifically about the imjournal module, without this change, it is not + working already. - * This must never be "None" or "Low", or entirely an argument as to why - your upload is low risk. - - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. [ Other Info ] - - * Anything else you think is useful to include - - * Make sure to explain any deviation from the norm, to save the SRU - reviewer from having to infer your reasoning, possibly incorrectly. - This should also help reduce review iterations, particularly when the - reason for the deviation is not obvious. - - * Anticipate questions from users, SRU, +1 maintenance, security teams - and the Technical Board and address these questions in advance + Other apparmor rules are being added to rsyslog via this upload, closing other bugs: + - LP: #2056768 for noble only + - LP: #2061726 for noble, oracular, and plucky [ Original Description ] imjournal module fails to create /var/spool/rsyslog/journal-state file in ubuntu 24.04, rsyslog version(8.2312.0) x86 and s390x both, but works well in ubuntu 22.04 , rsyslog version(8.2112.0) x86 and s390x ******* Ubuntu 24.04 s390x lsb_release -rd No LSB modules are available. Description: Ubuntu 24.04 LTS Release: 24.04 # apt-cache policy rsyslog rsyslog: Installed: 8.2312.0-3ubuntu9 Candidate: 8.2312.0-3ubuntu9 Version table: *** 8.2312.0-3ubuntu9 500 500 http://ports.ubuntu.com/ubuntu-ports noble/main s390x Packages 100 /var/lib/dpkg/status Have below line in /etc/rsyslog.conf module(load="imjournal" fileCreateMode="0666" PersistStateInterval="999" StateFile="/var/spool/rsyslog/journal_state") ul 19 18:39:35 latest-logs systemd[1]: Starting rsyslog.service - System Logging Service... Jul 19 18:39:35 latest-logs rsyslogd[8647]: rsyslogd's groupid changed to 102 Jul 19 18:39:35 latest-logs rsyslogd[8647]: rsyslogd's userid changed to 102 Jul 19 18:39:35 latest-logs systemd[1]: Started rsyslog.service - System Logging Service. Jul 19 18:39:35 latest-logs rsyslogd[8647]: [origin software="rsyslogd" swVersion="8.2312.0" x-pid="8647" x-info="https://www.rsyslog.com";] start Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: No statefile exists, /var/spool/rsyslog/journal_state will be created (ignore if this is first run): No such file or directory > Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: Journal indicates no msgs when positioned at head. [v8.2312.0 try https://www.rsyslog.com/e/0 ] Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: journal files changed, reloading... [v8.2312.0 try https://www.rsyslog.com/e/0 ] Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: No statefile exists, /var/spool/rsyslog/journal_state will be created (ignore if this is first run): No such file or directory > Jul 19 18:39:35 latest-logs rsyslogd[8647]: imjournal: Journal indicates no msgs when positioned at head. [v8.2312.0 try https://www.rsyslog.com/e/0 ] lines 1-25/25 (END) FIle /var/spool/rsyslog/journal_state should have created and logs should have redirected to rsyslog server ****** In Ubuntu 22.04 all is working as expected # lsb_release -rd Description: Ubuntu 22.04.4 LTS Release: 22.04 #apt-cache policy rsyslog rsyslog: Installed: 8.2112.0-2ubuntu2.2 Candidate: 8.2112.0-2ubuntu2.2 Version table: *** 8.2112.0-2ubuntu2.2 100 100 /var/lib/dpkg/status Use the same line as above in /etc/rsyslog.conf restart service. it did gave error about fileCreateMode which got ignored and proceeded to create the journal-state file and continued without any error Jul 19 18:44:37 systemd[1]: Starting System Logging Service... Jul 19 18:44:37 rsyslogd[13664]: error during parsing file /etc/rsyslog.conf, on or before line 16: parameter 'fileCreateMode' not known -- typo in co> Jul 19 18:44:37 systemd[1]: Started System Logging Service. Jul 19 18:44:37 rsyslogd[13664]: rsyslogd's groupid changed to 111 Jul 19 18:44:37 rsyslogd[13664]: rsyslogd's userid changed to 104 Jul 19 18:44:37 rsyslogd[13664]: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="13664" x-info="https://www.rsyslog.com";] start Jul 19 18:44:37 rsyslogd[13664]: imjournal: journal files changed, reloading... [v8.2112.0 try https://www.rsyslog.com/e/0 ] /var/spool/rsyslog# ls journal_state ***** please help with this issue
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073628 Title: imjournal module works with rsyslog package of ubuntu 22.04 but not with ubuntu 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2073628/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
