[Apparmor-general] permission denied at boot, but is fine later on?

Per Jessen per at computer.org
Wed Oct 22 03:45:44 MDT 2008


This is an openSUSE 11.0 system.
On boot-up, I see the following message in the audit log:

type=APPARMOR_DENIED msg=audit(1224667576.964:12):
operation="inode_permission" requested_mask="rw::" denied_mask="r::"
fsuid=0 name="/var/log/bwbemag" pid=2739 profile="/sbin/syslog-ng"

I tried doing an aa-genprof on /sbin/syslog-ng, but that changed
nothing.  When I restarted syslog-ng, I didn't get another DENIED
message. 
The AppArmor profile is:

/sbin/syslog-ng {
[snip]
  /dev/log w,
  /dev/tty10 rw,
  /dev/xconsole rw,
  /etc/syslog-ng/* r,
  /etc/hosts.deny r,
  /etc/hosts.allow r,
  /sbin/syslog-ng mr,
  # chrooted applications
  @{CHROOT_BASE}/var/lib/*/dev/log w,
  @{CHROOT_BASE}/var/log/** w,
  @{CHROOT_BASE}/var/run/syslog-ng.pid krw,
}

It looks like the permissions for /var/log should be rw, but why isn't
this corrected by aa-genprof, and why isn't it a problem when I restart
syslog-ng?


/Per Jessen, Zürich
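
Added example, not part of the original post and not AppArmor's own matching code: a small Python check that parses the audit record quoted above, evaluates it against the file rules shown in the profile, and reports which requested permissions no rule grants. Assumptions: @{CHROOT_BASE} is empty (its definition is in the snipped part of the profile), globbing is simplified to `**`, `*` and `?`, and the mask is treated as a set of permission letters with the `::` separator ignored.

```python
import re

# Audit record and profile rules copied from the post above.
AUDIT = ('type=APPARMOR_DENIED msg=audit(1224667576.964:12): '
         'operation="inode_permission" requested_mask="rw::" denied_mask="r::" '
         'fsuid=0 name="/var/log/bwbemag" pid=2739 profile="/sbin/syslog-ng"')
RULES = """
  /dev/log w,
  /dev/tty10 rw,
  /dev/xconsole rw,
  /etc/syslog-ng/* r,
  /etc/hosts.deny r,
  /etc/hosts.allow r,
  /sbin/syslog-ng mr,
  # chrooted applications
  @{CHROOT_BASE}/var/lib/*/dev/log w,
  @{CHROOT_BASE}/var/log/** w,
  @{CHROOT_BASE}/var/run/syslog-ng.pid krw,
"""
CHROOT_BASE = ""  # assumption: defined as empty in the [snip]ped part of the profile
GLOB = {"**": ".*", "*": "[^/]*", "?": "[^/]"}  # simplified: only ** crosses '/'

def parse_audit(line):
    """Return the key=value fields of one audit record as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def parse_rules(text):
    """Yield (compiled path regex, permission letters) for each file rule."""
    for raw in text.splitlines():
        rule = raw.split("#")[0].strip().rstrip(",")  # drop comments and the trailing comma
        if rule:
            path, perms = rule.replace("@{CHROOT_BASE}", CHROOT_BASE).rsplit(None, 1)
            regex = "".join(GLOB.get(t, re.escape(t)) for t in re.findall(r"\*\*|\*|\?|.", path))
            yield re.compile(regex + r"\Z"), set(perms)

def missing_permissions(record, rules_text):
    """Requested permission letters that no matching rule grants."""
    wanted = set(record["requested_mask"].replace(":", ""))
    granted = set()
    for pattern, perms in parse_rules(rules_text):
        if pattern.match(record["name"]):
            granted |= perms
    return wanted - granted

if __name__ == "__main__":
    rec = parse_audit(AUDIT)
    print(rec["name"], "lacks:", "".join(sorted(missing_permissions(rec, RULES))))
```

For the record in the post, the only matching rule is the `/var/log/** w` line, so the result is the same `r` that appears in denied_mask.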


