[apparmor] [Contd.] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.
seth.arnold at canonical.com
Mon Dec 12 22:15:51 UTC 2016
On Mon, Dec 12, 2016 at 09:50:51PM +0100, daniel curtis wrote:
> /sbin/initctl Ux,
> /sbin/runlevel Ux,
> capability fsetid,
> /etc/lsb-base-logging.sh r,
Hi Daniel, yes, all these should be fine.
('capability fsetid' is perhaps the more unfortunate one; I'm not sure why
it would be needed. At least the file writes are confined by the rest of
the profile, so a compromised logrotate process wouldn't necessarily have
much chance to abuse it.)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: not available
More information about the AppArmor