intrigeri wrote: > appar...@raf.org: > >> This does not match name="/run/lock/apache2/mpm-accept-0.22001" > >> > >> What about the broader: > >> > >> /{var/,}run/lock/apache2/mpm-accept* wk, > >> > >> ? > >> > >> Cheers, > >> -- > >> intrigeri > > > hi, > > > ah, i see it now. there's a "-" before the 0 where the rule > > is expecting a ".". > > > so, a better rule is: > > > /{var/,}run/lock/apache2/mpm-accept[.-][0-9]* wk, > > > to accept either a "." or "-" before the first digit. > > OK.
actually, apparmor doesn't like the "[.-]" construct. i'll use your version instead. > I don't understand where your profile comes from though: > there's no rule about /run/lock/apache2 in the > /etc/apparmor.d/usr.sbin.apache2 file that's shipped by the > libapache2-mod-apparmor package in Debian 9 (Stretch). i don't know where it came from either. i don't have the libapache2-mod-apparmor package and every host i have an apache2 profile on, it didn't come from a package. maybe i found it online somewhere. or maybe it was present in an older version of the apparmor-profiles or apparmor-profiles-extra package (under debian7?). > Cheers, > -- > intrigeri thanks again. cheers, raf -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor