Hi Christian

I have one more question regarding your updates to the logrotate profile.
During my testing, it turned out that logrotate wants access to /bin/dash,
the command interpreter. So, with help from Seth, I used 'mrix' access.

But in your updated version (see 1.) I don't see that rule:

/bin/dash mrix,

I would like to ask if it was just an oversight or a deliberate action on
your side? I noticed that you also deleted the /tmp directory, right?

- /tmp w,

And left the '/tmp/file* wl, /tmp/logrot* wlr,' files. Do you think that
using 'owner' with these two rules is more secure? You mentioned this, but
the patch does not contain an 'owner' option :-) What is the best
solution in this case?

One more thing: I understand that '@{PROC} and @{PROC}/@{pid}' are also not
needed? Because, as you wrote: "no trailing /, so these
rules are likely unused", right? I just want to be 100 percent sure. That's
all.

Christian, thank you once again for reviewing this profile and committed
changes.

Best regards.
_____________
1. https://lists.ubuntu.com/archives/apparmor/2016-December/010388.html
-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
