Public bug reported: I'm using a script to add hats for each vhost in my apache profile (attached for reference).
This works, but it uses some ugly sed tricks (for example, it removes ^}$ from the profile) to work. This also means that it might break a manually edited profile if someone removed the whitespace in front of } of a hat. It would be much better to have an aa-addhat script that can add a hat with a given ruleset to a profile and "understands" the profile language (like logprof/genprof do) so that it doesn't need to do sed tricks ;-) The syntax {c,sh}ould be something like aa-addhat /usr/sbin/httpd2-prefork vhost_foo " #include <abstractions/vhost_foo> /home/www/foo/httpdocs/uploads/** rw," (yes, the last parameter can be multiline) ** Affects: apparmor Importance: Wishlist Status: New -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant for AppArmor. https://bugs.launchpad.net/bugs/1014298 Title: script to add a hat to a profile Status in AppArmor Linux application security framework: New Bug description: I'm using a script to add hats for each vhost in my apache profile (attached for reference). This works, but it uses some ugly sed tricks (for example, it removes ^}$ from the profile) to work. This also means that it might break a manually edited profile if someone removed the whitespace in front of } of a hat. It would be much better to have an aa-addhat script that can add a hat with a given ruleset to a profile and "understands" the profile language (like logprof/genprof do) so that it doesn't need to do sed tricks ;-) The syntax {c,sh}ould be something like aa-addhat /usr/sbin/httpd2-prefork vhost_foo " #include <abstractions/vhost_foo> /home/www/foo/httpdocs/uploads/** rw," (yes, the last parameter can be multiline) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1014298/+subscriptions -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor