felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

polishing

Browse source
This commit is contained in:
nobodysu 2022-05-28 00:47:21 +03:00 committed by Alex
parent 9dab6b9794
commit 4a76a69632
6 changed files with 64 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/profiles-g-l/logrotate
View file

@ -31,6 +31,7 @@ profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/grep rix,
/{usr/,}bin/kill rix,
/{usr/,}bin/ls rix,
/{usr/,}bin/gzip rix,
@ -39,6 +40,7 @@ profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
/{usr/,}lib/rsyslog/rsyslog-rotate rix,
/{usr/,}bin/fail2ban-client rPx,
/{usr/,}bin/systemd-tty-ask-password-agent rPx,
/{usr/,}bin/my_print_defaults rPUx,
# no new privs
#/{usr/,}bin/systemctl rCx -> systemctl,
@ -65,8 +67,8 @@ profile logrotate @{exec_path} flags=(attach_disconnected, complain) {
/var/lib/logrotate.status rwk,
/var/lib/logrotate.status.tmp rw,
/var/log/ r,
/var/log/** rw,
/var/log{,.hdd}/ r,
/var/log{,.hdd}/** rw,
# Needed to remove the following error:
# logrotate[]: error: could not change directory to '.'