Public bug reported:
blahdeblah reported problems when deploying trusty apache2 with
libapache2-mod-apparmor.
The apache2 main processes are usually run in complain mode because
there were problems restarting apache. At least a few rules were needed:
To the main apache2 profile:
signal peer=/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT,
To the ^HANDLING_UNTRUSTED_INPUT hat:
signal peer=/usr/sbin/apache2,
To .. unknown hats (should be in all hats):
#include <abstractions/base> (to receive profiles from unconfined)
To abstractions/apache2-common:
Change:
@{PROC}/@{pid}/attr/current w,
to:
@{PROC}/@{pid}/attr/current rw,
Also "flags=(complain)" was removed from ^DEFAULT_URI and
^HANDLING_UNTRUSTED_INPUT
Thanks
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: canonical-is
** Description changed:
blahdeblah reported problems when deploying trusty apache2 with
libapache2-mod-apparmor.
The apache2 main processes are usually run in complain mode because
there were problems restarting apache. At least a few rules were needed:
To the main apache2 profile:
signal peer=/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT,
To the ^HANDLING_UNTRUSTED_INPUT hat:
signal peer=/usr/sbin/apache2,
To .. unknown hats (should be in all hats):
#include <abstractions/base> (to receive profiles from unconfined)
To abstractions/apache2-common:
Change:
@{PROC}/@{pid}/attr/current w,
to:
@{PROC}/@{pid}/attr/current rw,
+ Also "flags=(complain)" was removed from ^DEFAULT_URI and
+ ^HANDLING_UNTRUSTED_INPUT
+
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1610111
Title:
apache2 restart problems
Status in apparmor package in Ubuntu:
New
Bug description:
blahdeblah reported problems when deploying trusty apache2 with
libapache2-mod-apparmor.
The apache2 main processes are usually run in complain mode because
there were problems restarting apache. At least a few rules were
needed:
To the main apache2 profile:
signal peer=/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT,
To the ^HANDLING_UNTRUSTED_INPUT hat:
signal peer=/usr/sbin/apache2,
To .. unknown hats (should be in all hats):
#include <abstractions/base> (to receive profiles from unconfined)
To abstractions/apache2-common:
Change:
@{PROC}/@{pid}/attr/current w,
to:
@{PROC}/@{pid}/attr/current rw,
Also "flags=(complain)" was removed from ^DEFAULT_URI and
^HANDLING_UNTRUSTED_INPUT
Thanks
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1610111/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
