Hello.I'm sorry for such a long time without answer. So, after five, six daysof
tests based on the removal (hashing) some rules e.g. 'ptrace', itturned out,
that these rules are needed. Firstly, after removing rules,everything was okay
- log files were rotated, informations logged etc.However, today I noticed
exactly the same symptoms, which I describedin my first mail: '/var/log/syslog'
file was empty all the time -nothing has been logged during the whole User
session and so on.Additionaly, there was a plenty of the same "DENIED" messages
(see myfirst mail). So, the situation has been repeated.Mr Jamie Strandboge,
you had asked about 'ptrace' rule:>> Does the ptrace show up if you have all
the other rules? (...)>> I was curious if there was still a ptrace denial.When
'ptrace' rule (and these for 'net_admin' capability,'/run/systemd/private' and
'/run/dbus/system_bus_socket' files) wasremoved/hashedthere was not any
"DENIED" entries and logrotate works as always -automatic rotation and
compression of log files etc. Until today.So, what do you think about all these
rules? Are they okay and secureto use? Maybe there is another way to handle
this? But, I see, thatthere are some doubts. (I mean Mr Strandboge and Mr
Arnold answers).Thanks, best regards.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
