AppArmor currently does not mediate inter-process communication, including signals, except in the special case that a capability is required to communicate, e.g., to kill a non-root process from the root account. But no privilege is required to send signals to processes owned by the same user, so no capability is required.
It is planned to add IPC mediation to AppArmor in the future, in part to make AppArmor more useful in cases like this. In the meantime, you may wish to change your approach slightly. I assume that you're creating a new account for managing the web server with these suggestions: - set the user's shell to the confined shell - set sudo to only allow running "service apache start" and related commands - re-profile the shell to allow executing "sudo service apache start" and related commands. (I'd start over, the end result should be fast and easy to generate.) The sudoers will look something like this: user ALL=/usr/sbin/service apache restart, /usr/sbin/service apache start, /usr/sbin/service apache stop, /usr/sbin/service apache reload Of course a flaw in the apache service scripts might still allow killing root-owned processes when executing these commands, but that feels unlikely -- additional arguments are accepted, and sudo can be configured to perform environment scrubbing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1089242 Title: apparmor RBAC kill command issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1089242/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
