Hi Christian,
On Sat, Jun 09, 2018 at 12:35:23AM +0200, Christian Boltz wrote:
> Hello,
>
> I just got a private bugreport (as part of a somewhat unrelated
> discussion) that abstractions/apache2-common contains a strange path:
>
> # OCSP stapling
> /var/log/apache2/stapling-cache rw,
>
>shouldn't that be /var/run/.. ?
>
> Kees, you added this line in 2e3a871b1 a year ago. Can you please check
> if it's really /var/log/apache2/ in your setup or if the bugreport is
> valid?
The use of the log directory was suggested by this:
https://raymii.org/s/tutorials/OCSP_Stapling_on_Apache2.html
However, in checking my Apache install, it seems the default location is:
/run/lock/apache2/ssl-stapling.$pid
and
/run/lock/apache2/ssl-stapling-refresh.$pid
and in all cases, apache runs with it deleted, so /var/log is likely wrong.
So I think we should use:
/run/lock/apache2/stapling-cache* rw,
-Kees
--
Kees Cook
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor