Changes between Initial Version and Version 1 of Ticket #376, comment 4
- Timestamp:
- 11/11/16 02:14:41 (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #376, comment 4
initial v1 1 To make matter worse, the log is always opened using O_CREAT, disallowing the use of AppArmor to restrict the log file opening to append only.1 To make matter worse, the log is always opened using O_CREAT, disallowing the use of !AppArmor to restrict the log file opening to append only. 2 2 3 3 The workaround we're using is: 4 * Make a AppArmor profile which removes dac_override and chown capabilities from Nginx.4 * Make a !AppArmor profile which removes dac_override and chown capabilities from Nginx. 5 5 * Set-up logrotate to create files as root:adm/0640. 6 6 * Set-up logrotate to issue a SIGHUP instead of SIGUSR1.
