Hi,
I have came across audit.log file and found out errors like following:
Quote:
type=AVC msg=audit(1340393422.929:28897380): apparmor="ALLOWED" operation="mknod" parent=1 profile="/usr/sbin/rsyslogd" name="/var/rsyslog/work/dbq.00000001" pid=26871 comm=72733A616374696F6E203235207175 requested_mask="c" denied_mask="c" fsuid=101 ouid=101
type=SYSCALL msg=audit(1340393422.929:28897380): arch=c000003e syscall=2 success=no exit=-13 a0=7f77c40008c0 a1=80141 a2=180 a3=1 items=0 ppid=1 pid=26871 auid=4294967295 uid=101 gid=103 euid=101 suid=101 fsuid=101 egid=103 sgid=103 fsgid=103 tty=(none) ses=4294967295 comm=72733A616374696F6E203235207175 exe="/usr/sbin/rsyslogd" key=(null)
|
I am not sure but is it correct fix it by adding following:
/var/rsyslog/work/** rw,
or
/var/rsyslog/** rw,
into
usr.sbin.rsyslogd ?
thank you,
kind regards,
M.