Package: apparmor-profiles
Version: 2.11.0-10
Severity: normal
Tags: patch
otherwise we fail with
apparmor="ALLOWED" operation="file_mmap" info="Failed name lookup -
disconnected path" error=-13 profile="/usr/sbin/apache2" name="" pid=13777
comm="apache2" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
Patch attached (I'd send this upstream but bzr).
-- Guido
>From e1baa8286065f0ebd830e1dbfb970f3089b45f94 Mon Sep 17 00:00:00 2001
Message-Id: <e1baa8286065f0ebd830e1dbfb970f3089b45f94.1505492827.git....@sigxcpu.org>
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <a...@sigxcpu.org>
Date: Fri, 15 Sep 2017 18:26:07 +0200
Subject: [PATCH] apache2: use attach_disconnected
otherwise we fail with
apparmor="ALLOWED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2" name="" pid=13777 comm="apache2" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
---
profiles/apparmor.d/usr.sbin.apache2 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/profiles/apparmor.d/usr.sbin.apache2 b/profiles/apparmor.d/usr.sbin.apache2
index 25a147f..987a100 100644
--- a/profiles/apparmor.d/usr.sbin.apache2
+++ b/profiles/apparmor.d/usr.sbin.apache2
@@ -1,7 +1,7 @@
# Author: Marc Deslauriers <marc.deslauri...@ubuntu.com>
#include <tunables/global>
-/usr/sbin/apache2 {
+/usr/sbin/apache2 flags=(attach_disconnected) {
# This profile is completely permissive.
# It is designed to target specific applications using mod_apparmor,
@@ -84,7 +84,7 @@
/** mrwlkix,
- ^DEFAULT_URI {
+ ^DEFAULT_URI flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/apache2-common>
@@ -92,7 +92,7 @@
/** mrwlkix,
}
- ^HANDLING_UNTRUSTED_INPUT {
+ ^HANDLING_UNTRUSTED_INPUT flags=(attach_disconnected) {
#include <abstractions/apache2-common>
/ rw,
--
2.14.1
