[prev in list] [next in list] [prev in thread] [next in thread]
List: apparmor-dev
Subject: [patch 3/3] profiles: apache2 — allow HANDLING_UNTRUSTED_INPUT access to abstractions/base
From: Steve Beattie <steve () nxnw ! org>
Date: 2014-06-19 0:44:05
Message-ID: 20140619004402.991257562 () nxnw ! org
[Download RAW message or body]
This patch adds the abstractions/base abstraction to the
HANDLING_UNTRUSTED_INPUT apache2 hat.
[I dislike this because the idea for the HANDLING_UNTRUSTED_INPUT is
that it is to be as minimal as possible, as sort of a poor man's
privilege separation for when apache is parsing a request and
determining what to do with it. The abstractions/base abstraction allows
too much for such a hat IMO. (Honestly, I'd like cut down the existing
allowed accesses in it.)]
---
profiles/apparmor.d/usr.sbin.apache2 | 1 +
1 file changed, 1 insertion(+)
Index: b/profiles/apparmor.d/usr.sbin.apache2
===================================================================
--- a/profiles/apparmor.d/usr.sbin.apache2
+++ b/profiles/apparmor.d/usr.sbin.apache2
@@ -88,6 +88,7 @@
}
^HANDLING_UNTRUSTED_INPUT {
+ #include <abstractions/base>
#include <abstractions/apache2-common>
/ rw,
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic