[apparmor] [profile] /etc/cron.daily/logrotate: updated version - new DENIED access.
daniel curtis
sidetripping at gmail.com
Sun Feb 5 10:51:56 UTC 2017
Hi
Today, I noticed a new entries related to the logrotate profile. System was
slowing down, two files - '/var/log/kern.log' and '/var/log/syslog' - were
empty so I checked '/var/log/kern.log.1' file and there was something like
this:
Feb 5 11:34:52 t4 kernel: [ 1859.724491] type=1400
audit(1486290891.948:51): apparmor="DENIED" operation="exec" parent=3089
profile="/etc/cron.daily/logrotate" name="/bin/echo" pid=3090 comm="xargs"
requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Feb 5 11:34:52 t4 kernel: [ 1859.727569] type=1400
audit(1486290891.948:52): apparmor="DENIED" operation="exec" parent=3093
profile="/etc/cron.daily/logrotate" name="/bin/echo" pid=3094 comm="xargs"
requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Feb 5 11:34:52 t4 kernel: [ 1859.735304] type=1400
audit(1486290891.956:53): apparmor="DENIED" operation="exec" parent=3097
profile="/etc/cron.daily/logrotate" name="/bin/echo" pid=3098 comm="xargs"
requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Something is wrong with this profile. A couple days ago there was an issue
with "/etc/rc?.d/ r," and "/usr/bin/xargs mrix," rules. And now that... So,
should I add something like this one to the profile?
/bin/echo mrix,
It is okay? I think, that maybe logrotate profile should be updated.
Best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170205/7d980eea/attachment.html>
More information about the AppArmor
mailing list