Hi Daniel,
On Fri, Nov 11, 2016 at 11:43:23AM +0100, daniel curtis wrote:
> So, if it's about both capability (capability dac_override and capability
> dac_read_search) rules: I should add them to a logrotate profile, right?
> And the rest of rules? You have written a comment about them, but nothing
> about if I should change something etc. Besides @{PROC} and 'owner' :- )
>
> >> Probably a bad idea to use 'owner' for these rules (...)
>
> Let's summarize: if I decide to use a logrotate profile then I can/should
> add rules mentioned in my previous message without any changes, right? (Not
> to mention @{PROC}).
>
> Seth, thank You once again for all the answers and help.Sorry I wasn't more clear before -- all those rules made sense to add to your log rotate profile, with the exception of write access to /etc/logrotate.d/* files -- it shouldn't need to modify those files to do its job. Thanks
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
