On Tue, Sep 22, 2015 at 11:09 AM, John Johansen <[email protected]> wrote: > << snip >> > >>>>> Sure, attached. I find it strange that the output ends with a >>>>> >>>>> @{HOME}= >>>>> >>>>> line, which would explain the error. However, I don't have such a line >>>>> in my /etc/apparmor.d directory >>>>> >>>> So this is an artifact of how the parser is processing variables. >>>> >>>> The defines are read and partially processed during the preprocessing >>>> phase of >>>> the parse and it is choking on @{HOME}= being assigned inside of the >>>> profile >>>> scope (currently vars can only be defined in the header). >>>> >>>> What you need to look for is a file in <apache2.d> that is including >>>> <tunables/global> >>> >>> That's right , there's a apache2.d/wordpress file which has that include >>> >>> Removing it makes the error go away, which is good. On the other hand, >>> the wordpress file, which contains >>> >>> ^wordpress { >>> #include <abstractions/base> >>> #include <abstractions/nameservice> >>> #include <abstractions/apache2-common> >>> #include <abstractions/php5> >>> /srv/www/wordpress/ r, >>> /srv/www/wordpress/** r, >>> /srv/www/wordpress/wp-content/** w, >>> /var/log/apache2/** w, >>> /srv/www/mod_pagespeed/cache/** w, >>> /etc/wordpress/wp-config.php r, >>> @{PROC}/@{pid}/statm r, >>> } >>> >>> makes apparmor_parser complain: >>> >>> $ apparmor_parser -r wordpress >>> Found reference to variable PROC, but is never declared >>> > > strange, @{PROC} is definitely defined earlier, > > can you provide me an updated output for > apparmor_parser -p /etc/apparmor.d/usr.sbin.httpd2-prefork
Sure, it's attached. The question is though - should I call apparmor_parser on apache.d/wordpress ( which is a fragment ) or is it enough to call it on usr.sbin.httpd2-prefork ? Thanks, Robert -- http://robert.muntea.nu/
httpd-prefork-expanded
Description: Binary data
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
