Hi all,
I recently upgraded to trixie (from bookworm). Most things seemed to go well, but I've had a problem with rsyslog. I have the following configuration:
# /home is mounted on its own filesystem
casey@machine:~$ mount | grep 'on \/\(home\)\? '
/dev/sdd2 on / type ext4 (rw,relatime,errors=remount-ro)
/dev/mapper/vg01-home on /home type ext4 (rw,relatime,errors=remount-ro)
# local6 gets logged to /home/foobar/foobar.log
casey@quartet:~$ cat /etc/rsyslog.d/70-foobar.conf
$FileCreateMode 0644
local6.* -/home/foobar/foobar.log
# Running Debian 13.3
casey@quartet:~$ cat /etc/debian_version
13.3
# rsyslog 8.2504.0-1
casey@quartet:~$ dpkg --list | grep rsyslog
ii rsyslog 8.2504.0-1 amd64 reliable system and kernel logging daemon
So, in essence syslog is configured to log things with facility local6 to /home/foobar/foobar.log, which is on a separate filesystem than root. Everything worked just fine prior to the upgrade. Afterwards, I get the following in my /var/log/syslog:
2026-01-20T13:07:09.725140-07:00 quartet rsyslogd: error during config processing: omfile: creating parent directories for file '/home/foobar/foobar.log' failed: Read-only file system [v8.2504.0 try https://www.rsyslog.com/e/2207 ]
But when I modify the conf file:
# local6 gets logged to /var/log/foobar.log
casey@quartet:~$ cat /etc/rsyslog.d/70-foobar.conf
$FileCreateMode 0644
local6.* -/var/log/foobar.log
Everything works as I would expect it to. This has happened on two both servers that I've upgraded to trixie.
Any ideas?
Thanks,
Casey


--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Casey Deccio (HE12026-01-20):

So, in essence syslog is configured to log things with facility local6
to /home/foobar/foobar.log, which is on a separate filesystem than
root. Everything worked just fine prior to the upgrade. Afterwards,
I get the following in my /var/log/syslog:

2026-01-20T13:07:09.725140-07:00 quartet rsyslogd: error during config processing: omfile: creating parent directories for file '/home/foobar/foobar.log' failed: Read-only file system [v8.2504.0 try https://www.rsyslog.com/e/2207 ]

The answer to your issue is in `systemctl cat rsyslog.service`, i.e. /usr/lib/systemd/system/rsyslog.service.

Regards,

--
Nicolas George

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Jan 20, 2026, at 1:20?PM, Nicolas George <george@nsup.org>

wrote:

Casey Deccio (HE12026-01-20):

So, in essence syslog is configured to log things with facility

local6

to /home/foobar/foobar.log, which is on a separate filesystem than
root. Everything worked just fine prior to the upgrade. Afterwards,
I get the following in my /var/log/syslog:

2026-01-20T13:07:09.725140-07:00 quartet rsyslogd: error during

config processing: omfile: creating parent directories for file '/home/foobar/foobar.log' failed: Read-only file system [v8.2504.0 try https://www.rsyslog.com/e/2207 ]

The answer to your issue is in `systemctl cat rsyslog.service`, i.e. /usr/lib/systemd/system/rsyslog.service.

Thank you! In all my searching, it never occurred to me that it was
systemd and not rsyslog.

Changing the value of ProtectHome fixed everything. I might reevaluate
where I keep these particular logs, but at least for now I'm up and
running.

Thanks!
Casey

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Tue, Jan 20, 2026 at 13:32:23 -0700, Casey Deccio wrote:

2026-01-20T13:07:09.725140-07:00 quartet rsyslogd: error during config processing: omfile: creating parent directories for file '/home/foobar/foobar.log' failed: Read-only file system [v8.2504.0 try https://www.rsyslog.com/e/2207 ]

The answer to your issue is in `systemctl cat rsyslog.service`, i.e. /usr/lib/systemd/system/rsyslog.service.

Thank you! In all my searching, it never occurred to me that it was systemd and not rsyslog.

As a general rule, if a daemon is complaining about "permission denied"
or "read-only file system", when the directories in question are not
restricted by permissions and the file system in question is not actually read-only, there's a high chance it's a restriction imposed by AppArmor
or by the daemon's systemd unit file.

This kind of issue happens *frequently* when people try to store files
in a different place than normal, either by mounting a file system in
an uncommon place, or creating a symbolic link to point a directory to
a different location, etc. The default restrictions in Debian's AppArmor
and systemd configuration files are often designed to work with standard directories, and prevent writing in any other place. This is done for
security purposes (in case an exploit is found, the exploited daemon
will be capable of reduced damages), and these restrictions generally
become tighter over time.

Long story short: if you change the locations where files are being
stored, and you get an error about permissions or read-only-ness,
look for an AppArmor profile or systemd unit file restriction that
may be working against you.

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Hi,

On Tue, Jan 20, 2026 at 01:32:23PM -0700, Casey Deccio wrote:

On Jan 20, 2026, at 1:20?PM, Nicolas George <george@nsup.org> wrote:
The answer to your issue is in `systemctl cat rsyslog.service`, i.e. /usr/lib/systemd/system/rsyslog.service.

Thank you! In all my searching, it never occurred to me that it was systemd and not rsyslog.

It's also mentioned in the NEWS of rsyslog which is displayed during
upgrade and available afterwards at
/usr/share/doc/rsyslog/NEWS.Debian.gz. Always worth checking out that
sort of thing when having issues after an upgrade.

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)