AppArmor and Sendmail problems with automated log emails - PullRequest
0 votes
/ April 18, 2020

This bash script works fine when run from the CLI:

#!/bin/bash

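# Build the file name once, with an absolute path, so the file that is written
# is the same file that is attached, whatever the working directory or second.
logfile="/home/osboxes/Downloads/$(date '+%Y-%m-%d_%H-%M-%S').log"
tail -n 50 /var/log/suricata/fast.log > "$logfile"

echo "Hello this is the body message, we are sending email with attachement using mutt and msmtp" \
| mutt -a "$logfile" \
       -s "this is the subject of the message" -- xxxx@gmail.com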

However, I tried to set up a cron job to run it daily, but it does not work. This is the job:

# m h dom mon dow command
* * * * * root /home/osboxes/Downloads/sendlogzzz.sh

This is the system error:

Apr 17 20:34:07 osboxes kernel: [  982.464037] audit: type=1400 audit(1587170047.732:1614): apparmor="DENIED" operation="file_lock" profile="/usr/bin/msmtp" name="/tmp/msmtp.log" pid=5170 comm="sendmail" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
Apr 17 20:34:07 osboxes kernel: [  982.564178] audit: type=1400 audit(1587170047.832:1615): apparmor="DENIED" operation="file_lock" profile="/usr/bin/msmtp" name="/tmp/msmtp.log" pid=5170 comm="sendmail" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
Apr 17 20:34:07 osboxes kernel: [  982.664238] audit: type=1400 audit(1587170047.932:1616): apparmor="DENIED" operation="file_lock" profile="/usr/bin/msmtp" name="/tmp/msmtp.log" pid=5170 comm="sendmail" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
Apr 17 20:34:12 osboxes cron[637]: sendmail: cannot log to /tmp/msmtp.log: cannot lock (tried for 10 seconds): Permission denied

This is my AppArmor config for sendmail:

# Author: Simon Deziel <simon@sdeziel.info>
#include <tunables/global>
/usr/bin/msmtp flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/p11-kit>
  #include <abstractions/ssl_certs>
  #include <abstractions/ssl_keys>

  /usr/bin/msmtp          mr,
  /etc/aliases            r,
  /etc/msmtprc            r,
  /etc/netrc              r,
  owner @{HOME}/.msmtp*   r,
  owner @{HOME}/.netrc    r,
  owner @{HOME}/.tls-crls r,

  owner @{HOME}/.msmtp*.log wk,
  /var/log/msmtp            wk,

  owner @{HOME}/**/.msmtprc        r,
  owner @{HOME}/**/dot_msmtprc     r,
  owner @{HOME}/.config/msmtp/*    r,
  owner @{HOME}/.cache/msmtp/*     r,
  owner @{HOME}/.cache/msmtp/*.log wk,

  @{PROC}/@{pid}/loginuid r,
  /tmp/                   rw,
  owner /tmp/*            rw,

  # to type password interactively
  owner /dev/pts/[0-9]*   rw,

  # secret helpers
  /{,usr/}bin/bash Cx -> helpers,
  /{,usr/}bin/dash Cx -> helpers,
  profile helpers {
    #include <abstractions/base>
    /{,usr/}bin/bash mr,
    /{,usr/}bin/dash mr,
    /tmp/            rw,
    owner /tmp/*     rw,

    /usr/bin/secret-tool PUx,
    /usr/bin/gpg{,2}     PUx,
    /usr/bin/pass        PUx,
    /usr/bin/head        PUx,
    /{,usr/}bin/cat      PUx,
  }

  #include <local/usr.bin.msmtp>
}
...
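
Added example, not part of the original post: a Python check that parses an AppArmor DENIED audit line and reports which permissions in denied_mask the matching profile rules do not grant for that path. The sample line and the three rules are copied from the post; the function names and the simplified glob handling (only `*` and `**`) are assumptions of this example.

```python
import re

# Constructed sample input: one denial line and the /tmp rules copied from the post.
AUDIT_LINE = ('audit: type=1400 audit(1587170047.732:1614): apparmor="DENIED" '
              'operation="file_lock" profile="/usr/bin/msmtp" name="/tmp/msmtp.log" '
              'pid=5170 comm="sendmail" requested_mask="k" denied_mask="k" fsuid=0 ouid=0')
PROFILE_RULES = """
  /var/log/msmtp            wk,
  /tmp/                   rw,
  owner /tmp/*            rw,
"""
# Audit masks report create (c) and delete (d) separately; a profile grants both via w.
AUDIT_TO_RULE = {"c": "w", "d": "w"}

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED audit line, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def glob_to_regex(glob):
    """Simplified AppArmor glob: '**' crosses '/', '*' does not; no {a,b} or @{VAR}."""
    parts = re.split(r'(\*\*|\*)', glob)
    body = ''.join('.*' if p == '**' else '[^/]*' if p == '*' else re.escape(p)
                   for p in parts)
    return re.compile(body + r'\Z')

def parse_rules(text):
    """Return (owner_only, path_regex, perms) for plain file rules; skip other lines."""
    rules = []
    for raw in text.splitlines():
        m = re.match(r'\s*(owner\s+)?(/\S*)\s+([rwaklm]+),\s*$', raw)
        if m:
            rules.append((bool(m.group(1)), glob_to_regex(m.group(2)), set(m.group(3))))
    return rules

def missing_perms(denial, rules):
    """Permissions named in denied_mask that no matching rule grants for the path."""
    is_owner = denial["fsuid"] == denial["ouid"]   # 'owner' rules apply only then
    granted = set()
    for owner_only, path_re, perms in rules:
        if (is_owner or not owner_only) and path_re.match(denial["name"]):
            granted |= perms
    wanted = {AUDIT_TO_RULE.get(p, p) for p in denial["denied_mask"]}
    return wanted - granted

if __name__ == "__main__":
    d = parse_denial(AUDIT_LINE)
    print(d["profile"], d["name"], "missing:",
          sorted(missing_perms(d, parse_rules(PROFILE_RULES))))
```

For the denial in the post the only matching rule is `owner /tmp/* rw,`, so the check reports `k` (file lock) as the permission the profile does not grant for `/tmp/msmtp.log`.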