On Wed, Nov 09, 2016 at 12:21:39PM +0100, daniel curtis wrote: > Thanks for an answer. So these are rules, which I should add to the > /etc/cron.daily/logrotate profile, right? > > /var/lib/logrotate/ r, > /var/lib/logrotate/status.clean w, ## NOTE: in my system there is no such > file - there is only 'status'
This may be a short-lived file, or it may exist once the profile allows it to exist. > /bin/sed mixr, > /bin/mv mixr, > > /var/lib/logrotate/* r, > /var/lib/logrotate/ rw, > > /etc/logrotate.d/ r, > /etc/logrotate.d/* rw, > > It looks okay for you now? Can I use these rules? Probably the cronjob shouldn't have write access to /etc/logrotate.d/* -- that's for the admin to configure the system, or packages to provide configuration. I'd change that to only 'r' access. Otherwise they look good. Thanks
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
