Hi Seth Yes advices too, but You helped me a lot with this profile. Anyway, today, after reload the logrotate profile, I've noticed in log file; /var/log/kern.log something like this:
Dec 9 12:44:03 t4 kernel: [ 1899.771574] type=1400 audit(1481283842.997:46): apparmor="DENIED" operation="capable" parent=8174 profile="/etc/cron.daily/logrotate" pid=8179 comm="logrotate" capability=3 capname="fowner" So, logrotate need one more capability? If yes, it is: capability fowner Am I right? Profile reloaded without any problem - it seems, that everything is okay. Best regards.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor