[apparmor] Some profiles
"Артём Н."
artiom14 at yandex.ru
Tue Mar 12 16:05:08 UTC 2013
Today I got this error:
"/etc/cron.daily/logrotate:
error: Could not lock file /etc/logrotate.conf for reading
error: cannot open directory /etc/logrotate.d: Отказано в доступе
run-parts: /etc/cron.daily/logrotate exited with return code 1"
I had corrected logrotate profile (but it has a lot of trash and needs testing
and cleaning):
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# Last Modified: 19:48:45 MSK 2013
#include <tunables/global>
/etc/cron.daily/logrotate {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/nameservice>
/bin/bash mixr,
/bin/cat mixr,
/bin/gzip mixr,
/bin/kill mixr,
/bin/logger mixr,
/bin/true mixr,
/etc/init.d/* mixr,
/usr/bin/killall mixr,
/usr/sbin/logrotate mixr,
/var/log r,
/var/log/** wrl,
/var/lib/privoxy/log/** rwl,
/var/lib64/privoxy/log/** rwl,
/ r,
/dev/tty wr,
/etc/cron.daily/logrotate r,
/etc/logrotate.d/ r,
/etc/logrotate.d/* r,
/etc/logrotate.conf rk,
/etc/subdomain.d r,
@{PROC} r,
@{PROC}/[1-9]* r,
/tmp w,
/tmp/file* wl,
/tmp/logrot* wlr,
/var/lib/logrotate.status wr,
/{run,var}/lock/samba r,
/{,var/}run/httpd.pid r,
/{,var/}run/syslogd.pid r,
/var/spool/slrnpull wr,
/var/spool/slrnpull/log* wrl,
}
More information about the AppArmor
mailing list