Public bug reported:

Binary package hint: apparmor

Binary package hint: apparmor-profiles

The apparmor profile for lighttpd provided by the apparmor-profiles
package does not work out-of-the-box.

Looking over syslog, it appears there are seven types of audit entries (one of 
each follows):
  operation="exec" profile="/usr/sbin/lighttpd" requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/share/lighttpd/create-mime.assign.pl"
  operation="exec" profile="/usr/sbin/lighttpd" requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/share/lighttpd/include-conf-enabled.pl"
  operation="mknod" profile="/usr/sbin/lighttpd" requested_mask="c::" denied_mask="c::" fsuid=33 ouid=33 name="/tmp/php.socket-0"
  operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/lighttpd/conf-enabled/"
  operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/mime.types"
  operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/usr/share/lighttpd/create-mime.assign.pl"
  operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/usr/share/lighttpd/include-conf-enabled.pl"
  operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/usr/share/perl/5.10.1/strict.pm"

In order to fix this, I added these lines to usr.sbin.lighttpd:
# Perl script of configuration
   #include <abstractions/perl>
   /usr/share/lighttpd r,
   /usr/share/lighttpd/*.pl rmix,

# Support PHP5 with FastCGI
   #include <abstractions/php5>
   /tmp/php.socket* w,

# Require mimes
   /etc/mime.types r,

# Configuration
   /etc/lighttpd/conf-*/ r,
   /etc/lighttpd/conf-*/*.conf r,

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
lighttpd profile does not work
https://bugs.launchpad.net/bugs/582814
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
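
An added example, not part of the original report or of AppArmor's own code: it checks the reporter's explicit path rules against the eight denials quoted in the report and returns the denials that no rule covers. It assumes only the `*` and `**` wildcards matter here, reads the mask as the characters before the first colon, treats `w` as including create, and does not expand the two `#include` abstractions, whose contents are not shown in the report.

```python
import re
# The eight denials quoted in the report, with wrapped lines rejoined.
DENIALS = """
operation="exec" profile="/usr/sbin/lighttpd" requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/share/lighttpd/create-mime.assign.pl"
operation="exec" profile="/usr/sbin/lighttpd" requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/share/lighttpd/include-conf-enabled.pl"
operation="mknod" profile="/usr/sbin/lighttpd" requested_mask="c::" denied_mask="c::" fsuid=33 ouid=33 name="/tmp/php.socket-0"
operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/lighttpd/conf-enabled/"
operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/mime.types"
operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/usr/share/lighttpd/create-mime.assign.pl"
operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/usr/share/lighttpd/include-conf-enabled.pl"
operation="open" profile="/usr/sbin/lighttpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/usr/share/perl/5.10.1/strict.pm"
"""
# The reporter's explicit path rules; the two #include lines are not expanded.
RULES = """
/usr/share/lighttpd r,
/usr/share/lighttpd/*.pl rmix,
/tmp/php.socket* w,
/etc/mime.types r,
/etc/lighttpd/conf-*/ r,
/etc/lighttpd/conf-*/*.conf r,
"""

def glob_to_regex(glob):
    # AppArmor globbing: "**" may cross "/", "*" may not (other wildcards omitted).
    parts = re.split(r"(\*\*|\*)", glob)
    return re.compile("".join({"**": ".*", "*": "[^/]*"}.get(p, re.escape(p)) for p in parts) + r"\Z")

def parse_rules(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        path, perms = line.rstrip(",").rsplit(None, 1)
        # Assumption: "w" also grants create, which the log shows as mask "c".
        perms = set(perms + "c") if "w" in perms else set(perms)
        rules.append((glob_to_regex(path), perms))
    return rules

def parse_denial(line):
    f = dict(re.findall(r'(\w+)="?([^"\s]*)"?', line))  # key=value or key="value"
    return f["operation"], f["name"], set(f["denied_mask"].split(":")[0])

def uncovered(denials, rules):
    left = []
    for op, name, mask in map(parse_denial, denials.strip().splitlines()):
        allowed = set().union(*(p for rx, p in rules if rx.match(name)))
        if mask - allowed:
            left.append((op, name, "".join(sorted(mask - allowed))))
    return left

print(uncovered(DENIALS, parse_rules(RULES)))
```

The single entry it returns, the read of strict.pm, matches none of the explicit path rules, so it has to be covered by the included abstractions.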