[apparmor] [Contd.] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.

Seth Arnold seth.arnold at canonical.com
Mon Dec 12 19:38:35 UTC 2016

On Fri, Dec 09, 2016 at 01:01:26PM +0100, daniel curtis wrote:
> Dec  9 12:44:03 t4 kernel: [ 1899.771574] type=1400
> audit(1481283842.997:46): apparmor="DENIED" operation="capable" parent=8174
> profile="/etc/cron.daily/logrotate" pid=8179 comm="logrotate" capability=3
> capname="fowner"
> So, logrotate need one more capability? If yes, it is:
> capability fowner
> Am I right? Profile reloaded without any problem - it seems, that
> everything is okay.

Hi Daniel, I'm surprised this wasn't needed earlier in your profiling.
Anyway, this looks safe to add.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161212/74b6bbf5/attachment.pgp>

More information about the AppArmor mailing list