Hi Christian,

I've one more question regarding your updates to the logrotate profile. During my testing, it turned out that logrotate wants access to /bin/dash - command interpreter. So, with help from Seth, I've used 'mrix' access.

But in your updated version (see 1.) I don't see that rule:

/bin/dash mrix,

I would like to ask if it was just an oversight or a deliberate action from your side?

I noticed that you also deleted the /tmp directory, right?

- /tmp w,

And left the '/tmp/file* wl, /tmp/logrot* wlr,' files. Do you think that using 'owner' with these two rules is more secure? You have mentioned this, but the patch does not contain an 'owner' option :-) What is the best solution in this case?

One more thing: I understand that '@{PROC} and @{PROC}/@{pid}' also are not needed? Because, as you have written, "no trailing /, so these rules are likely unused", right? I just want to be 100 percent sure.

That's all. Christian, thank you once again for reviewing this profile and the committed changes.

Best regards.

_____________
1. https://lists.ubuntu.com/archives/apparmor/2016-December/010388.html