Ubuntu Pastebin

Paste from jdstrand at Thu, 2 Feb 2017 16:15:03 +0000

Download as text 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
$ git diff
diff --git a/interfaces/builtin/core_support.go b/interfaces/builtin/core_support.go
index 9e90763..2954655 100644
--- a/interfaces/builtin/core_support.go
+++ b/interfaces/builtin/core_support.go
@@ -24,11 +24,17 @@ import (
 )
 
 const coreSupportConnectedPlugAppArmor = `
-# Description: Can control all aspects of systemd via the systemctl command. It
-# allows execution of the systemctl binary unconfined. As such, this gives device
-# ownership to the snap.
+# Description: Can control all aspects of systemd via the systemctl command
+# and update rsyslog configuration. The interface allows execution of the
+# systemctl binary unconfined. As such, this gives device ownership to the
+# snap.
 
 /bin/systemctl Uxr,
+
+# Allow modifying rsyslog configuration for such things as remote logging. For
+# now, only allow modifying NN-snap*.conf and snap*.conf files.
+/etc/rsyslog.d/{,*}                     r,
+/etc/rsyslog.d/{,[0-9][0-9]-}snap*.conf w,
 `
 
 const coreSupportConnectedPlugSecComp = `
Download as text