[apparmor] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.

daniel curtis sidetripping at gmail.com
Thu Nov 17 11:44:18 UTC 2016


Hi Christian

Yes, you're right - my profile is based on a logrotate profile, which can
be found here [1]. But, as you probably noticed, I've had to add a couple of
rules - for example - /bin/dash and capabilities etc.

Of course I can send a patch or even the whole profile (I think it can be
better, because of my comments made on every added rule). Some of the
directories or files which are in the profile are not on my system, i.e.:
/{run,var}/lock/samba and so on - that's why I had to add various comments.

One more thing: if it's about a patch, should I do it - for example - this
way?

+++ /bin/dash mrix,
+++ /bin/sed mixr,
+++ /bin/mv mixr,

And so on, right? (These are rules that are not in
apparmor-profiles/extras/etc.cron.daily.logrotate
profile; see [1]).

Or maybe it's better to send the whole profile? There were some problems with
log file permissions etc. (see previous messages) and I decided to remove
the logrotate profile for now. So we will need additional tests.

Best regards.
_____________
[1]
https://apt-browse.org/browse/ubuntu/trusty-security/main/all/apparmor-profiles/2.8.95~2430-0ubuntu5.1/file/usr/share/doc/apparmor-profiles/extras/etc.cron.daily.logrotate