Hello.

I'm sorry for such a long time without an answer. So, after five or six
days of tests based on the removal (hashing) of some rules, e.g. 'ptrace',
it turned out that these rules are needed. At first, after removing the
rules, everything was okay - log files were rotated, information was
logged etc.

However, today I noticed exactly the same symptoms which I described
in my first mail: the '/var/log/syslog' file was empty all the time -
nothing was logged during the whole User session and so on.
Additionally, there were plenty of the same "DENIED" messages (see my
first mail). So, the situation has repeated itself.

Mr Jamie Strandboge, you had asked about the 'ptrace' rule:

>> Does the ptrace show up if you have all the other rules? (...)
>> I was curious if there was still a ptrace denial.

When the 'ptrace' rule (and those for the 'net_admin' capability and the
'/run/systemd/private' and '/run/dbus/system_bus_socket' files) was
removed/hashed, there were not any "DENIED" entries and logrotate worked
as always - automatic rotation and compression of log files etc. Until
today.

So, what do you think about all these rules? Are they okay and secure
to use? Maybe there is another way to handle this? But I see that
there are some doubts (I mean Mr Strandboge's and Mr Arnold's answers).

Thanks, best regards.

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
