Re: [apparmor] RFC: Patch [Bug 1207424] Re: mod_apparmor should let me use ServerName as default hat name

Fri, 09 Aug 2013 17:13:38 -0700 

On 08/09/2013 05:03 PM, Seth Arnold wrote:
> On Fri, Aug 02, 2013 at 01:41:37AM -0700, John Johansen wrote:
>> This is a first pass at providing the feature requested in Bug 1207424
>>
>> It leverages the appache config option
>>
>>   AADefaultHatName
>>
>> and when its value is specified as
>>   <hostname>
>>
>> the hostname will be looked up and used.  Obviously this patch isn't
>> complete, but its a first pass and I wanted feedback before I put any
>> more work into it.
> 
> I don't think this is it; this will use whatever the machine thinks its
> hostname is, rather than the virtual host that apache is currently
> serving a request for.
> 
right, the question now is do we want to support <hostname> and <vhostname>?

> It might be "too dynamic", but if we modify immunix_enter_hat() to
> follow r->server_rec->server_hostname, I believe that's the data we
> need when we need it. Populating the scfg->hat_name with this data might
> also work, and be less dynamic (lower overhead) but that'd require more
> reading...
> 
yep, I was going to try updating the patch this weekend

> Thanks
> 
>> ---
>>
>> === modified file 'changehat/mod_apparmor/mod_apparmor.c'
>> --- changehat/mod_apparmor/mod_apparmor.c    2011-02-08 16:18:36 +0000
>> +++ changehat/mod_apparmor/mod_apparmor.c    2013-08-02 08:36:24 +0000
>> @@ -48,6 +48,7 @@
>>  typedef struct {
>>      const char * hat_name;
>>      int is_initialized;
>> +    char hostname[HOST_NAME_MAX + 1];
>>  } immunix_srv_cfg;
>>  
>>  /* immunix_init() gets invoked in the post_config stage of apache.
>> @@ -235,6 +236,17 @@
>>                              parm1 ? parm1 : "DEFAULT");
>>      immunix_srv_cfg * scfg = mconfig;
>>      if (parm1 != NULL) {
>> +        if (strcmp(parm1, "<hostname>") == 0) {
>> +            if (gethostname(scfg->hostname, HOST_NAME_MAX+1)) {
>> +                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
>> +                         "AADefaultHatName could not obtain hostname "
>> +                             " required by config");
>> +            /* TODO: what is the correct behavior for a failure here */
>> +                    scfg->hat_name = "DEFAULT";
>> +            } else {
>> +                scfg->hat_name = scfg->hostname;
>> +            }
>> +      } else
>>              scfg->hat_name = parm1;
>>      } else {
>>              scfg->hat_name = "DEFAULT";
>>
>>
>> -- 
>> AppArmor mailing list
>> AppArmor@lists.ubuntu.com
>> Modify settings or unsubscribe at: 
>> https://lists.ubuntu.com/mailman/listinfo/apparmor
>>
>>
>>


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to