David

Asked: 2012-05-04 09:31:51 +0800 CST2012-05-04 09:31:51 +0800 CST 2012-05-04 09:31:51 +0800 CST

Apparmor externally included hats not working

Running apache2 on Ubuntu 12.04, using mod-apparmor for change-hat support.

I have installed and verified that change-hat is working but that it is not working for externally included hats like the example hat provided for phpSysInfo by the mod-apparmor package.

I'm curious why this particular external include doesn't work, when other types of includes (ie: the "abstractions") are working. It's strange that the package maintainer set it up this way if it doesn't work.

The hat works fine if it is not provided as an "include", but is instead written directly into the apache2 profile.

The pertinent config file layout is like so:

/etc/
| apparmor.d/
| | apache2.d/
| | | phpsysinfo
| | usr.lib.apache2.mpm-prefork.apache2

And the hats are included in the apache profile like this, as provided by the package maintainer:

/usr/lib/apache2/mpm-prefork/apache2 flags=(complain) {
  #include <apache2.d>
}

With the hat file (apache2.d/phpsysinfo) looking like this:

^phpsysinfo {
  #include <abstractions/apache2-common>
  #include <abstractions/base>
  ...
}

Apparmor externally included hats not working

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Apparmor externally included hats not working

0 Answers