Apparmor syslog issues preventing SRL labs to start

jbemmel commented 3 hours ago

On a vanilla Ubuntu 24 VM:

[ 1298.657150] audit: type=1400 audit(1727702347.904:407): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/opt/srlinux/lib/liblibsrl_rsyslog.so" pid=77053 comm="rsyslogd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1298.657514] audit: type=1400 audit(1727702347.904:408): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/opt/srlinux/lib/liblibsrl_rsyslog.so" pid=77053 comm="rsyslogd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1298.673766] {2024-09-30 13:19:07.920970976} sr_core_dump.sh: /var/core/coredump-sr_log_mgr-20240930_131859-4494-6.tar.gz
[ 1298.778868] audit: type=1400 audit(1727702348.026:409): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/opt/srlinux/lib/liblibsrl_rsyslog.so" pid=77123 comm="rsyslogd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1298.778979] audit: type=1400 audit(1727702348.026:410): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/opt/srlinux/lib/liblibsrl_rsyslog.so" pid=77123 comm="rsyslogd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1298.806971] audit: type=1400 audit(1727702348.054:411): apparmor="DENIED" operation="mknod" class="file" profile="rsyslogd" name="/run/srlinux/rsyslogd.pid.tmp" pid=77154 comm="rsyslogd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

this seems to be causing core dumps (SRL R24.7.1)

hellt commented 3 hours ago

this has been fixed in 24.7.2

the workaround for older images is

sudo ln -s /etc/apparmor.d/usr.sbin.rsyslogd /etc/apparmor.d/disable/

sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.rsyslogd

jbemmel commented 3 hours ago

Or

 sudo aa-complain rsyslogd

Would suggest to update the srl-telemetry lab to use the 24.7.2 image

hellt commented 3 hours ago

good idea!

srl-labs / containerlab

Apparmor syslog issues preventing SRL labs to start #2214