On Sat, Dec 31, 2016 at 02:59:00PM +0100, Christian Boltz wrote: > Since nobody reviewed the patch yet, here's the updated version (with the > things mentioned above changed): >
Acked-by: Seth Arnold <seth.arn...@canonical.com> Acked for whichever branches it makes sense for :) Thanks > --- profiles/apparmor/profiles/extras/etc.cron.daily.logrotate 2016-12-03 > 09:59:01 +0000 > +++ profiles/apparmor/profiles/extras/etc.cron.daily.logrotate 2016-12-31 > 13:56:01 +0000 > @@ -2,6 +2,8 @@ > # ------------------------------------------------------------------ > # > # Copyright (C) 2002-2006 Novell/SUSE > +# Copyright (C) 2016 Seth Arnold > +# Copyright (C) 2016 Daniel Curtis > # > # This program is free software; you can redistribute it and/or > # modify it under the terms of version 2 of the GNU General Public > @@ -16,38 +18,58 @@ > #include <abstractions/bash> > #include <abstractions/nameservice> > > - /{usr/,}bin/bash mixr, > + capability chown, > + capability dac_override, > + capability dac_read_search, > + capability fowner, > + capability fsetid, > + > + /{usr/,}bin/{ba,da,}sh mixr, > /{usr/,}bin/cat mixr, > /{usr/,}bin/gzip mixr, > /{usr/,}bin/kill mixr, > /{usr/,}bin/logger mixr, > + /{usr/,}bin/mv mixr, > + /{usr/,}bin/sed mixr, > + /{usr/,}bin/sleep mrix, > /{usr/,}bin/true mixr, > /etc/init.d/* mixr, > + /usr/bin/head mrix, > /usr/bin/killall mixr, > + /usr/sbin/invoke-rc.d mrix, > /usr/sbin/logrotate mixr, > > - /var/log r, > - /var/log/** wrl, > + ## see https://lists.ubuntu.com/archives/apparmor/2016-December/010359.html > + /{usr/,}sbin/initctl Ux, > + /{usr/,}sbin/runlevel Ux, > + > + /var/log/ r, > + /var/log/** rwl, > > /var/lib/privoxy/log/** rwl, > /var/lib64/privoxy/log/** rwl, > > / r, > - /dev/tty wr, > + /dev/tty rw, > /etc/cron.daily/logrotate r, > /etc/logrotate.conf r, > - /etc/logrotate.d r, > + /etc/logrotate.d/ r, > /etc/logrotate.d/* r, > - /etc/subdomain.d r, > - @{PROC} r, > - @{PROC}/@{pid} r, > - /tmp w, > - /tmp/file* wl, > - /tmp/logrot* wlr, > - /var/lib/logrotate.status wr, > + /etc/lsb-base-logging.sh r, > + > +# @{PROC} r, > +# @{PROC}/@{pid} r, > + owner /tmp/file* wl, > + owner /tmp/logrot* rwl, > + > + /var/lib/logrotate/ r, > + /var/lib/logrotate/* rw, > + > /{run,var}/lock/samba r, > /{,var/}run/httpd.pid r, > /{,var/}run/syslogd.pid r, > - /var/spool/slrnpull wr, > + /{,var/}run/rsyslogd.pid r, > + > + /var/spool/slrnpull/ wr, > /var/spool/slrnpull/log* wrl, > }
signature.asc
Description: PGP signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor