Package: apparmor-profiles Version: 2.11.0-10 Severity: normal Tags: patch otherwise we fail with
apparmor="ALLOWED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2" name="" pid=13777 comm="apache2" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 Patch attached (I'd send this upstream but bzr). -- Guido
>From e1baa8286065f0ebd830e1dbfb970f3089b45f94 Mon Sep 17 00:00:00 2001 Message-Id: <e1baa8286065f0ebd830e1dbfb970f3089b45f94.1505492827.git....@sigxcpu.org> From: =?UTF-8?q?Guido=20G=C3=BCnther?= <a...@sigxcpu.org> Date: Fri, 15 Sep 2017 18:26:07 +0200 Subject: [PATCH] apache2: use attach_disconnected otherwise we fail with apparmor="ALLOWED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2" name="" pid=13777 comm="apache2" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 --- profiles/apparmor.d/usr.sbin.apache2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/profiles/apparmor.d/usr.sbin.apache2 b/profiles/apparmor.d/usr.sbin.apache2 index 25a147f..987a100 100644 --- a/profiles/apparmor.d/usr.sbin.apache2 +++ b/profiles/apparmor.d/usr.sbin.apache2 @@ -1,7 +1,7 @@ # Author: Marc Deslauriers <marc.deslauri...@ubuntu.com> #include <tunables/global> -/usr/sbin/apache2 { +/usr/sbin/apache2 flags=(attach_disconnected) { # This profile is completely permissive. # It is designed to target specific applications using mod_apparmor, @@ -84,7 +84,7 @@ /** mrwlkix, - ^DEFAULT_URI { + ^DEFAULT_URI flags=(attach_disconnected) { #include <abstractions/base> #include <abstractions/apache2-common> @@ -92,7 +92,7 @@ /** mrwlkix, } - ^HANDLING_UNTRUSTED_INPUT { + ^HANDLING_UNTRUSTED_INPUT flags=(attach_disconnected) { #include <abstractions/apache2-common> / rw, -- 2.14.1