Ysgrifennodd Seth Arnold:
On Tue, Feb 27, 2007 at 07:18:29PM +0000, Peter Bradley wrote:
earlier. I had AppArmor going wild for no reason I could fathom and
refusing to allow Apache to do all the things it needed to do (like
access the file system). There are other, smaller, issues as well.
"Going wild"? What happened here?
Well, "going wild" may be a bit colourful :) but I somehow went from
having no problem at all with Apache to having nothing but trouble - and
it all turned out to be because AppArmor was (if I understand correctly
how it works) denying it access to the file system. I had to use the
most general glob possible in the end, because anything else fell over
the next time a new, unique filename was created.
Why it should suddenly have started denying access is a complete mystery
to me.
I also suspect that AppArmor was behind the trouble I had getting the
Zend Platform installed (but I'm using hindsight and it may not be 20/20).
AppArmor hasn't shipped with an Apache profile turned on by default since
10.0; I can't recall what we did in 10.0, but that was an all-around
depressing release of AppArmor. (Still based on the old Immunix business
model, so it was "AppArmor lite".)
If you haven't tried AppArmor since 10.0, I'd like to suggest you try it
again. :)
I'm still on 10.0. It's been so hard to get it configured how I want it
that I'm a bit unwilling to upgrade - especially having seen all the
problems that people have had with upgrades. I really don't want to
have to do a clean install of a newer version and have to go through
weeks of configuring everything (Apache, PHP, Zend IDE and Platform,
MySQL + tools, etc etc).
If you tried AppArmor in 10.1 or 10.2 and had problems with Apache after
enabling the Apache profile (or starting your own), just run 'aa-genprof
/usr/sbin/httpd2-prefork', exercise your webserver for a little while,
and answer some questions.
But if you could point out what happened with "going wild", it'd be nice
to know. We do make mistakes.
Thanks
No, thank you, Seth, for taking an interest. I hope what I've said
above is of use. Please feel free to contact me if you want any further
information.
And please don't regard my comments as a complaint. Despite the fact
that I've found 10.0 to be more flakey than any other OS I've ever
installed, I still wouldn't go back to Windows. I just reckon that
occasionally you have to suffer to be free :)
Now, I'm going to post this before Thunderbird crashes.
Peter
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
