Hi Seth,

>> I forgot to mention that "normal user" is a bit of a misnomer (...)

In my case it was the first user created during system install. (A member
of - among others - "adm" group etc.) And I could not open these files,
because of "permission denied" messages. Of course, as I mentioned earlier,
everything has worked via sudo(8). But this problem is already solved -
thanks to You.

I thought about umask(2), because a looong time ago I changed its value
to 077 and I think that logrotate - because of /var/log/ rule - created
'new' kern.log and syslog files with root permission etc. It seems to be
not important anymore.

So, if it's about both capability (capability dac_override and capability
dac_read_search) rules: I should add them to a logrotate profile, right?
And the rest of rules? You have written a comment about them, but nothing
about if I should change something etc. Besides @{PROC} and 'owner' :-)

>> Probably a bad idea to use 'owner' for these rules (...)

Let's summarize: if I decide to use a logrotate profile then I can/should
add rules mentioned in my previous message without any changes, right? (Not
to mention @{PROC}).

Seth, thank You once again for all the answers and help.

Best regards.
-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor