[apparmor] [profile] /etc/cron.daily/logrotate: updated version - new DENIED access.
Christian Boltz
apparmor at cboltz.de
Sun Jan 29 20:14:37 UTC 2017
Hello,
Am Sonntag, 29. Januar 2017, 14:33:22 CET schrieb daniel curtis:
> I'm sorry for a double messages, but I didn't noticed one entry:
> "/etc/rcS.d/". So, now my proposition for a new rules is:
Your log messages don't indicate that invoke-rc.d wants to read any file
in /etc/rc*.d/, so only allowing to read the directory listing should be
enough.
OTOH, it might make sense to allow the directory listing for all
runlevels, not only S and 2.
I'd add
/etc/rc?.d/ r,
/usr/bin/xargs mrix,
Regards,
Christian Boltz
--
du bist eine merkbefreite faule Sau, die nicht mal den Wink
mit dem ganzen Zaun versteht. [David Haller in opensuse-de]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170129/22c27d14/attachment.pgp>
More information about the AppArmor
mailing list