[apparmor] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.
daniel curtis
sidetripping at gmail.com
Tue Nov 8 14:31:42 UTC 2016
Hi,
Today I've noticed - in log files - some AppArmor entries related to the
/etc/cron.daily/logrotate profile. I would like to ask about rules, which I
should add to this profile. And here are messages from /var/log/kern.log
and /var/log/syslog files (I omitted some info, like date, parent= etc.):
1)
apparmor="DENIED" operation="mknod" profile="/etc/cron.daily/logrotate"
name="/var/lib/logrotate/status.clean" pid=2777 comm="logrotate"
requested_mask="c" denied_mask="c" ## NOTE: there is no such file in my
system but only 'status'
2)
apparmor="DENIED" operation="exec" profile="/etc/cron.daily/logrotate"
name="/bin/sed" pid=2778 comm="logrotate" requested_mask="x"
denied_mask="x"
3)
apparmor="DENIED" operation="exec" profile="/etc/cron.daily/logrotate"
name="/bin/mv" pid=2780 comm="logrotate" requested_mask="x" denied_mask="x"
4)
apparmor="DENIED" operation="open" parent=2777
profile="/etc/cron.daily/logrotate" name="/var/lib/logrotate/" pid=2781
comm="logrotate" requested_mask="r" denied_mask="r"
5)
apparmor="DENIED" operation="open" profile="/etc/cron.daily/logrotate"
name="/etc/logrotate.d/" pid=2781 comm="logrotate" requested_mask="r"
denied_mask="r"
I'm using pretty simple profile (similar to this one [1]). So, should I add
something like this to my existing profile?:
1) /var/lib/logrotate/status rw, ## it's sufficient to *_mask="c"?
2) /bin/sed x, ## or: mixr,
3) /bin/mv x, ## or: mixr,
4) /var/lib/logrotate/ r,
/var/lib/logrotate/* r,
5) /etc/logrotate.d/ r,
/etc/logrotate.d/* r,
AppArmor version is: 2.7.102-0ubuntu3.10
Release: 12.04 LTS
Best regards.
_____________
[1] https://apt-browse.org/browse/ubuntu/trusty-security/main/all/apparmor-profiles/2.8.95~2430-0ubuntu5.1/file/usr/share/doc/apparmor-profiles/extras/etc.cron.daily.logrotate
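
The mapping from DENIED events like the five quoted above to candidate profile rules, as an added example that is not part of the original post or of AppArmor's own tooling. The sample log is reconstructed from the post with one event per line, and the `ix` exec mode is an assumption, since the log records only that "x" was denied.

```python
import re
from collections import defaultdict

# Constructed sample: the five denials from the post, one event per line.
SAMPLE_LOG = """\
apparmor="DENIED" operation="mknod" profile="/etc/cron.daily/logrotate" name="/var/lib/logrotate/status.clean" pid=2777 comm="logrotate" requested_mask="c" denied_mask="c"
apparmor="DENIED" operation="exec" profile="/etc/cron.daily/logrotate" name="/bin/sed" pid=2778 comm="logrotate" requested_mask="x" denied_mask="x"
apparmor="DENIED" operation="exec" profile="/etc/cron.daily/logrotate" name="/bin/mv" pid=2780 comm="logrotate" requested_mask="x" denied_mask="x"
apparmor="DENIED" operation="open" parent=2777 profile="/etc/cron.daily/logrotate" name="/var/lib/logrotate/" pid=2781 comm="logrotate" requested_mask="r" denied_mask="r"
apparmor="DENIED" operation="open" profile="/etc/cron.daily/logrotate" name="/etc/logrotate.d/" pid=2781 comm="logrotate" requested_mask="r" denied_mask="r"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Log mask letter -> profile permission; create (c) and delete (d) are
# both granted by "w" in profile syntax.
MASK_TO_PERM = dict(zip("rwacdklm", "rwawwklm"))
PERM_ORDER = "rwaklm"

def parse_event(line):
    """Return the fields of a DENIED file event as a dict, else None."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    needed = {"profile", "name", "denied_mask"}
    ok = fields.get("apparmor") == "DENIED" and needed <= fields.keys()
    return fields if ok else None

def suggest_rules(log_text, exec_mode="ix"):
    """Map denials to candidate rules: {profile: ["<path> <mode>,", ...]}."""
    # exec_mode is an assumption: the log only records that "x" was denied;
    # the transition type (ix, Px, Cx, ...) is the administrator's choice.
    perms = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        for letter in ev["denied_mask"]:
            perm = exec_mode if letter == "x" else MASK_TO_PERM.get(letter)
            if perm:
                perms[ev["profile"], ev["name"]].add(perm)
    rules = defaultdict(list)
    for (profile, path), granted in sorted(perms.items()):
        if "w" in granted:
            granted.discard("a")  # "w" and "a" cannot share one rule
        mode = "".join(p for p in PERM_ORDER if p in granted)
        if exec_mode in granted:
            mode += exec_mode
        rules[profile].append(f"{path} {mode},")
    return dict(rules)
```

Each candidate rule names the exact path from its event, so the first denial produces a rule for `status.clean`, and the two directory reads produce rules whose paths end in `/`.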