mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 15:55:46 +00:00
Code Issues Releases Wiki Activity

pache2 profile updates for proper signal handling, optional saslauth,

Browse Source 
and OCSP stapling

Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Kees Cook
2017-01-20 17:23:50 -08:00
committed by Seth Arnold
parent b0df52a7e5
commit b6ae84f27d
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
profiles/apparmor.d/abstractions/apache2-common
View File

@@ -8,6 +8,8 @@
signal (receive) peer=unconfined, signal (receive) peer=unconfined,
# Allow apache to send us signals by default # Allow apache to send us signals by default
signal (receive) peer=/usr/sbin/apache2, signal (receive) peer=/usr/sbin/apache2,
# Allow other hats to signal by default
signal peer=/usr/sbin/apache2//*,
# Allow us to signal ourselves # Allow us to signal ourselves
signal peer=@{profile_name}, signal peer=@{profile_name},
@@ -25,3 +27,8 @@
/dev/urandom r, /dev/urandom r,
# sasl-auth
/run/saslauthd/mux rw,
# OCSP stapling
/var/log/apache2/stapling-cache rw,