Here is my solution, not a general tool for adding hats to profiles, but specifically for generating hats from apache-vhosts and also adding small config snippets that can be included in the corresponding vhosts.
php-cli is needed for the script, but if you need this you probably have that installed anyway ** Attachment added: "hat-from-vhost-creation-script" https://bugs.launchpad.net/apparmor/+bug/1014298/+attachment/3193858/+files/aa-addvhosthats.php -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant for AppArmor. https://bugs.launchpad.net/bugs/1014298 Title: script to add a hat to a profile Status in AppArmor Linux application security framework: New Bug description: I'm using a script to add hats for each vhost in my apache profile (attached for reference). This works, but it uses some ugly sed tricks (for example, it removes ^}$ from the profile) to work. This also means that it might break a manually edited profile if someone removed the whitespace in front of } of a hat. It would be much better to have an aa-addhat script that can add a hat with a given ruleset to a profile and "understands" the profile language (like logprof/genprof do) so that it doesn't need to do sed tricks ;-) The syntax {c,sh}ould be something like aa-addhat /usr/sbin/httpd2-prefork vhost_foo " #include <abstractions/vhost_foo> /home/www/foo/httpdocs/uploads/** rw," (yes, the last parameter can be multiline) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1014298/+subscriptions -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
