Hi guys,
I'm having an issue with enabling systemd units monitoring. I'm using the built-in template and have AppArmor enabled. Everything works fine (CPU, memory...), just those damn services won't start. I'm running agent2 v7.0.24.
Could someone have a look at my AppArmor policy, please? Maybe I'm just missing a typo xD
I'm getting the following in journal -b -f:

audit: type=1107 audit(1774474988.000:126): pid=777 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="ListUnits" mask="send" name="org.freedesktop.systemd1" pid=813 label="/usr/sbin/zabbix_agent2" peer_pid=1 peer_label="unconfined"

include <tunables/global>
# vim:syntax=apparmor
# AppArmor policy for zabbix_agent2
/usr/sbin/zabbix_agent2 {
  include <abstractions/base>
  include <abstractions/bash>
  include <abstractions/nameservice>
  include <abstractions/ubuntu-konsole>
  include <abstractions/user-tmp>
  include <abstractions/dbus-strict>

  /dev/ r,
  /etc/dpkg/dpkg.cfg.d/ r,
  /etc/zabbix/** r,
  /etc/zabbix/scripts/raspberrypi.sh mrix,
  /proc/ r,
  /proc/** r,
  /sys/class/net/** r,
  /sys/devices/** r,
  /usr/bin/** mrix,
  /usr/sbin/zabbix_agent2 r,
  /{,var/}run/utmp rk,
  owner /proc/*/mounts r,
  owner /run/zabbix/zabbix_agent2.pid wk,
  owner /var/log/zabbix/zabbix_agent2.log w,

  dbus send
       bus=system
       path=/org/freedesktop/systemd1/**
       interface=org.freedesktop.systemd1.Manager
       member=ListUnits
       peer=(label=unconfined),

  dbus send
       bus=system
       path=/org/freedesktop/systemd1/**
       interface=org.freedesktop.systemd1.Manager
       member=*
       peer=(label=unconfined),
}
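Added example, not part of the original post: a Python check of the quoted denial against the profile's two dbus rules, showing which rule field fails to cover the denied call. The glob matcher is a simplified approximation of AppArmor pattern matching (an assumption, not AppArmor's own code), and `CANDIDATE` is a constructed alternative rule that does not appear in the post.

```python
import re

# msg='...' payload of the denial quoted in the post.
DENIAL = ('apparmor="DENIED" operation="dbus_method_call" bus="system" '
          'path="/org/freedesktop/systemd1" '
          'interface="org.freedesktop.systemd1.Manager" member="ListUnits" '
          'mask="send" name="org.freedesktop.systemd1" pid=813 '
          'label="/usr/sbin/zabbix_agent2" peer_pid=1 peer_label="unconfined"')

BASE = {"bus": "system", "interface": "org.freedesktop.systemd1.Manager",
        "peer_label": "unconfined"}
# The two dbus rules of the posted profile, as audit-field -> glob maps.
POSTED_RULES = [
    dict(BASE, path="/org/freedesktop/systemd1/**", member="ListUnits"),
    dict(BASE, path="/org/freedesktop/systemd1/**", member="*"),
]
# Constructed alternative: the alternation also covers the object itself.
CANDIDATE = dict(BASE, path="/org/freedesktop/systemd1{,/**}", member="ListUnits")

def parse_denial(line):
    """Return the key=value fields of an AppArmor audit message as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def glob_to_regex(glob):
    """Simplified glob: ** crosses '/', * does not, {a,b} is alternation."""
    out, i, depth = "", 0, 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
            continue
        c = glob[i]
        if c == "*":
            out += "[^/]*"
        elif c == "{":
            out, depth = out + "(?:", depth + 1
        elif c == "}" and depth:
            out, depth = out + ")", depth - 1
        elif c == "," and depth:
            out += "|"
        else:
            out += re.escape(c)
        i += 1
    return re.compile(out)

def mismatches(rule, denial):
    """List the rule fields whose glob does not match the denied call."""
    return [f for f, g in rule.items()
            if not glob_to_regex(g).fullmatch(denial.get(f, ""))]

if __name__ == "__main__":
    d = parse_denial(DENIAL)
    for rule in POSTED_RULES + [CANDIDATE]:
        print(rule["path"], rule["member"], "->", mismatches(rule, d) or "covers denial")
```

After changing a profile, reload it with `apparmor_parser -r` and confirm that the `DENIED` line no longer appears in the journal.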