Hi Christian, On Sat, Jun 09, 2018 at 12:35:23AM +0200, Christian Boltz wrote: > Hello, > > I just got a private bugreport (as part of a somewhat unrelated > discussion) that abstractions/apache2-common contains a strange path: > > # OCSP stapling > /var/log/apache2/stapling-cache rw, > ^^^^ > shouldn't that be /var/run/.. ? > > Kees, you added this line in 2e3a871b1 a year ago. Can you please check > if it's really /var/log/apache2/ in your setup or if the bugreport is > valid?
The use of the log directory was suggested by this: https://raymii.org/s/tutorials/OCSP_Stapling_on_Apache2.html However, in checking my Apache install, it seems the default location is: /run/lock/apache2/ssl-stapling.$pid and /run/lock/apache2/ssl-stapling-refresh.$pid and in all cases, apache runs with it deleted, so /var/log is likely wrong. So I think we should use: /run/lock/apache2/stapling-cache* rw, -Kees -- Kees Cook -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
