[apparmor] [profile] /etc/cron.daily/logrotate - updated version. (3 new rules needed.)

2017-04-23 Thread daniel curtis
Hi At the end of last year, Mr Christian Boltz has updated logrotate profile (with 'UsrMerge' etc.) and pasted it here: https://lists.ubuntu.com/archives/apparmor/2016-December/010420.html In the meantime, several rules have appeared - simply as a DENIED entries in a log files. Generally, it

[apparmor] [profile] /etc/cron.daily/logrotate: updated version - new DENIED access.

2017-02-07 Thread daniel curtis
Hi Seth >> Yes, this looks like a good addition to your logrotate profile. Okay, added. Thank You very, very much. I hope, that Christian will take into account all these rules and will update the logrotate profile ;- ) Best regards. -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify

Re: [apparmor] [profile] /etc/cron.daily/logrotate: updated version - new DENIED access.

2017-02-06 Thread Seth Arnold
On Sun, Feb 05, 2017 at 11:51:56AM +0100, daniel curtis wrote: > /bin/echo mrix, > > It is okay? I think, that maybe logrotate profile should be updated. Yes, this looks like a good addition to your logrotate profile. Thanks signature.asc Description: PGP signature -- AppArmor mailing list

[apparmor] [profile] /etc/cron.daily/logrotate: updated version - new DENIED access.

2017-02-05 Thread daniel curtis
Hi Today, I noticed a new entries related to the logrotate profile. System was slowing down, two files - '/var/log/kern.log' and '/var/log/syslog' - were empty so I checked '/var/log/kern.log.1' file and there was something like this: Feb 5 11:34:52 t4 kernel: [ 1859.724491] type=1400

Re: [apparmor] [profile] /etc/cron.daily/logrotate: updated version - new DENIED access.

2017-01-29 Thread Christian Boltz
Hello, Am Sonntag, 29. Januar 2017, 14:33:22 CET schrieb daniel curtis: > I'm sorry for a double messages, but I didn't noticed one entry: > "/etc/rcS.d/". So, now my proposition for a new rules is: Your log messages don't indicate that invoke-rc.d wants to read any file in /etc/rc*.d/, so only

[apparmor] [profile] /etc/cron.daily/logrotate: updated version - new DENIED access.

2017-01-29 Thread daniel curtis
I'm sorry for a double messages, but I didn't noticed one entry: "/etc/rcS.d/". So, now my proposition for a new rules is: /etc/rc2.d/ r, /etc/rc2.d/* r, /etc/rcS.d/ r, /etc/rcS.d/* r, /usr/bin/xargs mrix, What do you think - is it okay? -- AppArmor mailing list AppArmor@lists.ubuntu.com

[apparmor] [profile] /etc/cron.daily/logrotate: updated version - new DENIED access.

2017-01-29 Thread daniel curtis
Hi Today I've noticed a strange thing - new DENIED entries, related to the logrotate, in log files such as '/var/log/kern.log' and '/var/log/syslog'. Honestly, I wonder why these entries have appeared after such a long time. I thought, that a profile for logrotate has been updated properly.

Re: [apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2017-01-10 Thread Seth Arnold
On Tue, Jan 10, 2017 at 04:16:08PM +0100, daniel curtis wrote: > Once again; thank You very much for all the help with updating the > logrotate profile. The version on which profile is based, was pretty > outdated, right? Honestly, I had no idea, that we will need to add so many > rules,

[apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2017-01-10 Thread daniel curtis
Hi Seth Once again; thank You very much for all the help with updating the logrotate profile. The version on which profile is based, was pretty outdated, right? Honestly, I had no idea, that we will need to add so many rules, capabilities and so on. :- ) Christian, I would like to thank You for

Re: [apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2017-01-09 Thread Seth Arnold
On Sat, Dec 31, 2016 at 02:59:00PM +0100, Christian Boltz wrote: > Since nobody reviewed the patch yet, here's the updated version (with the > things mentioned above changed): > Acked-by: Seth Arnold Acked for whichever branches it makes sense for :) Thanks > ---

[apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2017-01-03 Thread daniel curtis
Hi Christian >> This is the usual review policy for AppArmor (...) >> Maybe you heard about usrMerge OK, thanks for explanations. It is logical. Yes, I've read about usrMerge - but it was a long time ago. If I remember correctly, it was on Fedora project website. Anyway, I would like to ask

Re: [apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2017-01-01 Thread Christian Boltz
Hello, Am Samstag, 31. Dezember 2016, 22:56:58 CET schrieb daniel curtis: > Thank you once again for review etc. Honestly, I'm using logrotate > profile with your changes: without /tmp directory or @{PROC} rules > and everything seems to work OK :- ) But it will be better to wait > for someone

[apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2016-12-31 Thread daniel curtis
Hi Christian Thank you once again for review etc. Honestly, I'm using logrotate profile with your changes: without /tmp directory or @{PROC} rules and everything seems to work OK :- ) But it will be better to wait for someone else. This is with reference to your words: "Since nobody reviewed the

Re: [apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2016-12-31 Thread Christian Boltz
Hello, Am Samstag, 31. Dezember 2016, 12:47:46 CET schrieb daniel curtis: > I've one more question, regarding to your updates to the logrotate > profile. During my testing, it turned out that logrotate wants access > to /bin/dash - command interpreter. So, with help from Seth, I've > used 'mrix'

[apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2016-12-31 Thread daniel curtis
Hi Christian I've one more question, regarding to your updates to the logrotate profile. During my testing, it turned out that logrotate wants access to /bin/dash - command interpreter. So, with help from Seth, I've used 'mrix' access. But in your updated version (see 1.) I don't see that rule;

[apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2016-12-28 Thread daniel curtis
Hi Christian Thank you very much for an explanation about missing / and also SubDomain thing etc. It was very helpful - I learned something new today :- ) Also, thanks for taking your time to check a logrotate profile, remove some rules, my comments and so on. Now, I'm sure that profile is

Re: [apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2016-12-25 Thread Christian Boltz
Hello, Am Dienstag, 20. Dezember 2016, 12:52:57 CET schrieb daniel curtis: > So, I just decided to paste the whole profile here, since I've added > only a few rules. It should be easier to read and eventually change > the logrotate profile in the future. Also, Mr Christian Boltz wrote, Feel free

[apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2016-12-20 Thread daniel curtis
Hi Please, forgive me that I'm writing message, one by one, but I've decided to test logrotate profile without rules for a /tmp directory. Honestly; I've never saw such files: logrot* or file* etc. So, I removed them, reload logrotate profile (via apparmor_parser(8) utility) and AppArmor (via

[apparmor] [profile] /etc/cron.daily/logrotate: updated version.

2016-12-20 Thread daniel curtis
Hi It seems, that logrotate profile works. Everything is OK - no error or DENIED messages in log files etc. I'm testing this profile since four, five days. So, I just decided to paste the whole profile here, since I've added only a few rules. It should be easier to read and eventually change the