Hello, Am Samstag, 4. Februar 2012 schrieb Jeroen Ooms: > On Sat, Feb 4, 2012 at 11:48 AM, Jeroen Ooms <jeroen.o...@stat.ucla.edu>wrote: > > I was wondering if anyone tried, or knows if the > > apache2-mpm-itk<http://mpm-itk.sesse.net/> module (which is a mod > > of mpm-prefork) is compatible with mod-apparmor? > I tested it and it works like a charm. I created a > profile /usr/lib/apache2/mpm-itk/apache2 which is identical to the > prefork one, with the only difference that the > ^HANDLING_UNTRUSTED_INPUT hat by default includes: > > capability setgid, > capability setuid, > > Which is obvious because this is exactly the purpose of itk.
Indeed ;-) > Maybe this file could be included in the libapache2-mod-apparmor > package? I'd prefer to have in in the apparmor package/tarball so that all distributions get the profile automatically. We should also consider to split off large parts of the apache profile(s) to a separate file (program-chunks/apache?) that can be included in the httpd2-prefork and apache2-mpm-itk profile. Otherwise we'll get a maintenance hell sooner or later... Regards, Christian Boltz -- Linux - und dein PC macht nie wieder blau. -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor