Hi
At the end of last year, Mr Christian Boltz has updated logrotate profile
(with 'UsrMerge' etc.) and pasted it here:
https://lists.ubuntu.com/archives/apparmor/2016-December/010420.html
In the meantime, several rules have appeared - simply as a DENIED entries
in a log files. Generally, it
Hi Seth
>> Yes, this looks like a good addition to your logrotate profile.
Okay, added. Thank You very, very much. I hope, that Christian will take
into account all these rules and will update the logrotate profile ;- )
Best regards.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify
On Sun, Feb 05, 2017 at 11:51:56AM +0100, daniel curtis wrote:
> /bin/echo mrix,
>
> It is okay? I think, that maybe logrotate profile should be updated.
Yes, this looks like a good addition to your logrotate profile.
Thanks
signature.asc
Description: PGP signature
--
AppArmor mailing list
Hi
Today, I noticed a new entries related to the logrotate profile. System was
slowing down, two files - '/var/log/kern.log' and '/var/log/syslog' - were
empty so I checked '/var/log/kern.log.1' file and there was something like
this:
Feb 5 11:34:52 t4 kernel: [ 1859.724491] type=1400
Hello,
Am Sonntag, 29. Januar 2017, 14:33:22 CET schrieb daniel curtis:
> I'm sorry for a double messages, but I didn't noticed one entry:
> "/etc/rcS.d/". So, now my proposition for a new rules is:
Your log messages don't indicate that invoke-rc.d wants to read any file
in /etc/rc*.d/, so only
I'm sorry for a double messages, but I didn't noticed one entry:
"/etc/rcS.d/". So, now my proposition for a new rules is:
/etc/rc2.d/ r,
/etc/rc2.d/* r,
/etc/rcS.d/ r,
/etc/rcS.d/* r,
/usr/bin/xargs mrix,
What do you think - is it okay?
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Hi
Today I've noticed a strange thing - new DENIED entries, related to the
logrotate, in log files such as '/var/log/kern.log' and '/var/log/syslog'.
Honestly, I wonder why these entries have appeared after such a long time.
I thought, that a profile for logrotate has been updated properly.
On Tue, Jan 10, 2017 at 04:16:08PM +0100, daniel curtis wrote:
> Once again; thank You very much for all the help with updating the
> logrotate profile. The version on which profile is based, was pretty
> outdated, right? Honestly, I had no idea, that we will need to add so many
> rules,
Hi Seth
Once again; thank You very much for all the help with updating the
logrotate profile. The version on which profile is based, was pretty
outdated, right? Honestly, I had no idea, that we will need to add so many
rules, capabilities and so on. :- )
Christian, I would like to thank You for
On Sat, Dec 31, 2016 at 02:59:00PM +0100, Christian Boltz wrote:
> Since nobody reviewed the patch yet, here's the updated version (with the
> things mentioned above changed):
>
Acked-by: Seth Arnold
Acked for whichever branches it makes sense for :)
Thanks
> ---
Hi Christian
>> This is the usual review policy for AppArmor (...)
>> Maybe you heard about usrMerge
OK, thanks for explanations. It is logical. Yes, I've read about usrMerge -
but it was a long time ago. If I remember correctly, it was on Fedora
project website.
Anyway, I would like to ask
Hello,
Am Samstag, 31. Dezember 2016, 22:56:58 CET schrieb daniel curtis:
> Thank you once again for review etc. Honestly, I'm using logrotate
> profile with your changes: without /tmp directory or @{PROC} rules
> and everything seems to work OK :- ) But it will be better to wait
> for someone
Hi Christian
Thank you once again for review etc. Honestly, I'm using logrotate profile
with your changes: without /tmp directory or @{PROC} rules and everything
seems to work OK :- ) But it will be better to wait for someone else.
This is with reference to your words: "Since nobody reviewed the
Hello,
Am Samstag, 31. Dezember 2016, 12:47:46 CET schrieb daniel curtis:
> I've one more question, regarding to your updates to the logrotate
> profile. During my testing, it turned out that logrotate wants access
> to /bin/dash - command interpreter. So, with help from Seth, I've
> used 'mrix'
Hi Christian
I've one more question, regarding to your updates to the logrotate profile.
During my testing, it turned out that logrotate wants access to /bin/dash -
command interpreter. So, with help from Seth, I've used 'mrix' access.
But in your updated version (see 1.) I don't see that rule;
Hi Christian
Thank you very much for an explanation about missing / and also SubDomain
thing etc. It was very helpful - I learned something new today :- )
Also, thanks for taking your time to check a logrotate profile, remove some
rules, my comments and so on. Now, I'm sure that profile is
Hello,
Am Dienstag, 20. Dezember 2016, 12:52:57 CET schrieb daniel curtis:
> So, I just decided to paste the whole profile here, since I've added
> only a few rules. It should be easier to read and eventually change
> the logrotate profile in the future. Also, Mr Christian Boltz wrote,
Feel free
Hi
Please, forgive me that I'm writing message, one by one, but I've decided
to test logrotate profile without rules for a /tmp directory. Honestly;
I've never saw such files: logrot* or file* etc. So, I removed them, reload
logrotate profile (via apparmor_parser(8) utility) and AppArmor (via
Hi
It seems, that logrotate profile works. Everything is OK - no error or
DENIED messages in log files etc. I'm testing this profile since four, five
days.
So, I just decided to paste the whole profile here, since I've added only a
few rules. It should be easier to read and eventually change the
19 matches
Mail list logo