[apparmor] [Contd.] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.
seth.arnold at canonical.com
Wed Dec 14 19:30:25 UTC 2016
On Wed, Dec 14, 2016 at 07:03:52PM +0100, daniel curtis wrote:
> OK, I understand it. But 'capability fsetid' is needed, right? Even if
> you're not sure why it is needed.
Hi Daniel, I can't give perfect advice on this one. It may be needed only
on your machine for some reason local to your filesystem. It may be needed
everywhere. I just don't know.

Since I like to know everything, I'd probably try to track this one down,
but I can't really suggest to you that that's the right course of action. :)
You might as well add this rule and use the time saved to walk the dog or
something more fun. ;)

I also don't know what tools would exist in 12.04 LTS that would make it
easier to investigate this issue. Maybe

    echo 1 > /sys/module/apparmor/parameters/logsyscall

and see what syscall caused this denial.