[apparmor] [Contd.] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.

Seth Arnold seth.arnold at canonical.com
Mon Dec 12 22:15:51 UTC 2016


On Mon, Dec 12, 2016 at 09:50:51PM +0100, daniel curtis wrote:
> /sbin/initctl Ux,
> /sbin/runlevel Ux,
> capability fsetid,
> /etc/lsb-base-logging.sh r,

Hi Daniel, yes, all these should be fine.

('capability fsetid' is perhaps the more unfortunate one; I'm not sure why
it would be needed. At least the file writes are confined by the rest of
the profile, so a compromised logrotate process wouldn't necessarily have
much chance to abuse it.)

Thanks