Public bug reported:
blahdeblah reported problems when deploying trusty apache2 with
libapache2-mod-apparmor.
The apache2 main processes are usually run in complain mode because
there were problems restarting apache. At least a few rules were needed:
To the main apache2 profile:
signal peer=/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT,
To the ^HANDLING_UNTRUSTED_INPUT hat:
signal peer=/usr/sbin/apache2,
To .. unknown hats (should be in all hats):
#include <abstractions/base> (to receive profiles from unconfined)
To abstractions/apache2-common:
Change:
@{PROC}/@{pid}/attr/current w,
to:
@{PROC}/@{pid}/attr/current rw,
Also "flags=(complain)" was removed from ^DEFAULT_URI and
^HANDLING_UNTRUSTED_INPUT
Thanks
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: canonical-is
** Description changed:
blahdeblah reported problems when deploying trusty apache2 with
libapache2-mod-apparmor.
The apache2 main processes are usually run in complain mode because
there were problems restarting apache. At least a few rules were needed:
To the main apache2 profile:
signal peer=/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT,
To the ^HANDLING_UNTRUSTED_INPUT hat:
signal peer=/usr/sbin/apache2,
To .. unknown hats (should be in all hats):
#include <abstractions/base> (to receive profiles from unconfined)
To abstractions/apache2-common:
Change:
@{PROC}/@{pid}/attr/current w,
to:
@{PROC}/@{pid}/attr/current rw,
+ Also "flags=(complain)" was removed from ^DEFAULT_URI and
+ ^HANDLING_UNTRUSTED_INPUT
+
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610111
Title:
apache2 restart problems
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1610111/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
