[apparmor] [profile] /etc/cron.daily/logrotate - updated version. (3 new rules needed.)
daniel curtis
sidetripping at gmail.com
Sun Apr 23 17:42:38 UTC 2017
Hi
At the end of last year, Mr Christian Boltz has updated logrotate profile
(with 'UsrMerge' etc.) and pasted it here:
https://lists.ubuntu.com/archives/apparmor/2016-December/010420.html
In the meantime, several rules have appeared - simply as a DENIED entries
in a log files. Generally, it was: '/bin/echo', '/usr/bin/xargs' and
'/etc/rc?.d/' rules. By the way; Mr Seth Arnold acked an earlier version
also:
https://lists.ubuntu.com/archives/apparmor/2017-January/010438.html
But without mentioned rules etc. One more thing; till now , I dont have any
problems with this updated logrotate profile. Everything is working OK - no
DENIED entries in log files etc. Here are these three rules, which have to
be added:
/bin/echo mrix,
/usr/bin/xargs mrix,
/etc/rc?.d/ r,
Here are discussions (questions and answers) about above rules:
* https://lists.ubuntu.com/archives/apparmor/2017-February/010524.html
* https://lists.ubuntu.com/archives/apparmor/2017-January/010515.html
According to all above, logrotate profile must be updated with these rules.
Mr Christian Boltz added already updated profile. Please see:
http://bazaar.launchpad.net/~apparmor-dev/apparmor/2.11/revision/3614/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
I have question to Mr Christian Boltz: can You update logrotate profile
with these three rules? They are really needed for a properly profile work
etc. Of course, I can paste an updated profile here, but it have to be done
in Revision 3614 and so on. (
http://bazaar.launchpad.net/~apparmor-dev/apparmor/2.11/revision/3614)
Thanks, best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170423/087fe896/attachment.html>
More information about the AppArmor
mailing list