[apparmor] [Contd.] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.
daniel curtis
sidetripping at gmail.com
Fri Dec 9 12:01:26 UTC 2016
Hi Seth
Yes advices too, but You helped me a lot with this profile. Anyway, today,
after reload the logrotate profile, I've noticed in log file;
/var/log/kern.log something like this:
Dec 9 12:44:03 t4 kernel: [ 1899.771574] type=1400
audit(1481283842.997:46): apparmor="DENIED" operation="capable" parent=8174
profile="/etc/cron.daily/logrotate" pid=8179 comm="logrotate" capability=3
capname="fowner"
So, logrotate need one more capability? If yes, it is:
capability fowner
Am I right? Profile reloaded without any problem - it seems, that
everything is okay.
Best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161209/b7b135df/attachment.html>
More information about the AppArmor
mailing list