monitoring plugin check_users fails on openSUSE Tumbleweed and MicroOS
Rather than a bug report, this is a question about how to submit a fix for this :-)
The original bug report for openSUSE is at https://bugzilla.opensuse.org/show_bug.cgi?id=1216878
In short, openSUSE Tumbleweed removed /run/utmp
so now the monitoring plugin check_users checks the contents of /run/systemd/sessions/
instead, but it doesn't have rights.
type=AVC msg=audit(1699395566.306:1314): apparmor="DENIED" operation="open" class="file" profile="/usr/lib/nagios/plugins/check_users" name="/run/systemd/sessions/" pid=11999 comm="check_users" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Now, there are FMPOV two (or probably more) ways of fixing this.
The suggestion at https://bugzilla.opensuse.org/show_bug.cgi?id=1216878#c8 is fixing this at profiles/apparmor.d/abstractions/wutmp
. It is something I tested, and by adding:
# Some read the list of sessions from systemd
/run/systemd/sessions/ r,
The problem is fixed.
But being a complete noob in AppArmor... is this the right way of fixing the issue?
If so, I can prepare a merge request for it.
Edited by Julio González Gil