[apparmor] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.
Christian Boltz
apparmor at cboltz.de
Wed Nov 16 21:10:07 UTC 2016
Hello,
Am Dienstag, 15. November 2016, 15:40:23 CET schrieb daniel curtis:
> Thank You once again for all your help. I really appreciate it. So if
> it's about a logrotate profile: each mentioned rule seems to be okay
> and I can use them. Additionally, I should add a capabilities
> (capability dac_override and capability dac_read_search) but not use
> 'owner' with @{PROC} etc.
Right. Everything you showed looks sane (except write permissions for
/etc/logrotate.d/* - but Seth already mentioned this some days ago).
BTW: It looks like your profile is based on the logrotate profile shipped
in the AppArmor "extra profiles" directory. Can you please send a patch
against that profile (or just the updated profile) when everything works
for you? The "extra profiles" are not really maintained, but since you
updated the profile already, this is our chance to easily update it for
everybody ;-)
Regards,
Christian Boltz
--
you are spending too much time in web forums or with apache guys if you
are using "+1" and "-1" :-) [Stefan Seyfried in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161116/f6b5adf1/attachment.pgp>
More information about the AppArmor
mailing list