> Worse yet, don't know what to add to the rsyslog policy to allow this access.
I was stracing rsyslog, and it didn't get any DENIED error. But when I straced systemd-journald, the DAEMON, that's what was denied access. And by the rsyslog profile. This is what I cannot understand. It's another process. How can I add rules to the rsyslog profile about what another process should be able to do or not. There is something else going on here. systemd-journald is unconfined from the POV of the container, but it's definitely confined from the POV of the host. Maybe this is similar to LP: #2121552? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2123821 Title: bad restriction: apparmor="DENIED" [...] namespace="root//lxd-n_<var- snap-lxd-common-lxd>" profile="rsyslogd" name="/run/systemd/journal/dev-log" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2123821/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
