[18:04] <ahasenack_> sdeziel: hi, I am looking at enabling apparmor by default on rsyslog, and saw your name in a changelog entry regarding that profile
[18:04] <ahasenack_> do you use rsyslog with apparmor in enforcing mode?
[18:07] <sdeziel> ahasenack: yes and I've been doing so since 16.04 IIRC
[18:07] <ahasenack> let's flip the switch then
[18:08] <sdeziel> awesome!
[18:08] <ahasenack> I'll do some checking in lunar
[18:08] <ahasenack> sdeziel: do you use remote logging?
[18:08] <ahasenack> or any "interesting" target for the logs?
[18:08] <sdeziel> ahasenack: yes, I have it in enforcing on clients streaming to an aggregator
[18:08] <ahasenack> tl?
[18:08] <ahasenack> tls?
[18:09] <sdeziel> the aggregator listens on UDP/514 for now, TLS is something I have yet to get to
[18:09] <ahasenack> iirc it uses gnutls, and the apparmor profile would have to allow reading the tls bits like /etc/gnutls/config and others
[18:09] <ahasenack> something I will check
[20:33] <ahasenack> is there a better way to find out where an apparmor rule is that is allowing access to a certain file?
[20:33] <ahasenack> I checked the profile, and its includes, and can't find what is allowing /etc/ssl/certs/ca-certificates.crt
[20:33] <ahasenack> which I'm glag it is, because I need it, but I can't find the rule
[20:33] <ahasenack> it's the rsyslogd profile
[20:34] <ahasenack> it has an incude for an openssl abstraction, but it's commented
[20:34] <ahasenack>   ##include <abstractions/openssl>
[20:34] <ahasenack> abstractions/base includes abstractions/crypto, but I didn't see a rule for that in the crypto abstraction
[20:34] <sdeziel> ahasenack: `apparmor_parser -p /etc/apparmor.d/usr.sbin.rsyslogd`
[20:35] <sdeziel> this will show you the preprocessed/aggregated full rulest
[20:35] <ahasenack> nice
[20:36] <ahasenack> ok, I see abstractions/ssl_certs was included by something
[20:38] <ahasenack> ok, got it
[20:38] <ahasenack> rsyslog -> nameservice -> ldapclient -> ssl_certs