Re: [apparmor] abstractions/apache2-common - path for stapling-cache

2018-06-08 Thread Kees Cook
Hi Christian,

On Sat, Jun 09, 2018 at 12:35:23AM +0200, Christian Boltz wrote:
> Hello,
> 
> I just got a private bugreport (as part of a somewhat unrelated 
> discussion) that abstractions/apache2-common contains a strange path:
> 
>  # OCSP stapling
>  /var/log/apache2/stapling-cache rw,
>  
>    shouldn't that be /var/run/.. ?
> 
> Kees, you added this line in 2e3a871b1 a year ago. Can you please check 
> if it's really /var/log/apache2/ in your setup or if the bugreport is 
> valid?

The use of the log directory was suggested by this:
https://raymii.org/s/tutorials/OCSP_Stapling_on_Apache2.html

However, in checking my Apache install, it seems the default location is:
/run/lock/apache2/ssl-stapling.$pid
and
/run/lock/apache2/ssl-stapling-refresh.$pid
and in all cases, apache runs with it deleted, so /var/log is likely wrong.

So I think we should use:

  /run/lock/apache2/stapling-cache* rw,

-Kees

-- 
Kees Cook

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
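
Added example, not part of the original messages and not AppArmor's own code: a simplified model of AppArmor path globbing (*, **, ? and {a,b} only) that checks which of the rule paths quoted above match the lock file names Kees lists. The PID 1234 and the last candidate rule are constructed for illustration; the check is pure string matching and says nothing about where a given Apache build actually writes its stapling cache.

```python
import re

def aa_glob_to_regex(glob):
    """Translate an AppArmor-style path glob into an anchored regex (simplified)."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if c == "\\" and i + 1 < len(glob):   # backslash-escaped literal
            out.append(re.escape(glob[i + 1]))
            i += 2
            continue
        if glob.startswith("**", i):          # ** crosses directory boundaries
            out.append(".*")
            i += 2
            continue
        if c == "*":                          # * stays inside one path component
            out.append("[^/]*")
        elif c == "?":                        # ? is one character, never '/'
            out.append("[^/]")
        elif c == "{":                        # {a,b} alternation, may nest
            depth += 1
            out.append("(?:")
        elif c == "}" and depth:
            depth -= 1
            out.append(")")
        elif c == "," and depth:
            out.append("|")
        elif c == "[":
            raise ValueError("character classes are not handled in this sketch")
        else:
            out.append(re.escape(c))
        i += 1
    if depth:
        raise ValueError("unbalanced '{' in rule path")
    return re.compile("".join(out) + r"\Z")

def uncovered(rule_path, observed):
    """Return the observed paths that the rule path does not match."""
    rx = aa_glob_to_regex(rule_path)
    return [p for p in observed if not rx.match(p)]

# File names quoted in the thread, with a constructed PID in place of $pid.
OBSERVED = ["/run/lock/apache2/ssl-stapling.1234",
            "/run/lock/apache2/ssl-stapling-refresh.1234"]
# Rule paths quoted in the thread, plus one hypothetical candidate (last entry).
CANDIDATES = ["/var/log/apache2/stapling-cache",
              "/run/lock/apache2/stapling-cache*",
              "/run/lock/apache2/ssl-stapling*"]

if __name__ == "__main__":
    for rule in CANDIDATES:
        print(f"{rule:40} misses: {uncovered(rule, OBSERVED) or 'nothing'}")
```
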


[apparmor] abstractions/apache2-common - path for stapling-cache

2018-06-08 Thread Christian Boltz
Hello,

I just got a private bugreport (as part of a somewhat unrelated 
discussion) that abstractions/apache2-common contains a strange path:

 # OCSP stapling
 /var/log/apache2/stapling-cache rw,
 
   shouldn't that be /var/run/.. ?

Kees, you added this line in 2e3a871b1 a year ago. Can you please check 
if it's really /var/log/apache2/ in your setup or if the bugreport is 
valid?


Regards,

Christian Boltz
-- 
  GUI
 A background image and 12 Xterms (Kristian Köhntopp)

