Ubuntu
apparmor package

apache2 restart problems

Bug #1610111 reported by Seth Arnold
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
AppArmor
Confirmed
Undecided
Unassigned
apparmor (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

blahdeblah reported problems when deploying trusty apache2 with libapache2-mod-apparmor.

The apache2 main processes are usually run in complain mode because there were problems restarting apache. At least a few rules were needed:

To the main apache2 profile:
signal peer=/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT,

To the ^HANDLING_UNTRUSTED_INPUT hat:
signal peer=/usr/sbin/apache2,

To .. unknown hats (should be in all hats):
#include <abstractions/base> (to receive profiles from unconfined)

To abstractions/apache2-common:
Change:
@{PROC}/@{pid}/attr/current w,
to:
@{PROC}/@{pid}/attr/current rw,

Also "flags=(complain)" was removed from ^DEFAULT_URI and ^HANDLING_UNTRUSTED_INPUT

Thanks

See original description
Seth Arnold (seth-arnold)
description: updated
Paul Gear (paulgear)
tags: added: canonical-is
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Seth Arnold (seth-arnold)
Changed in apparmor:
status: New → Confirmed
Christian Boltz (cboltz)
tags: added: aa-policy
Revision history for this message
Christian Boltz (cboltz) wrote :

abstractions/apache2-common was updated in trunk r2532 on 2014-06-12 (also included in 2.10 and 2.9), see bug 1322764.

I didn't check if r2532 covers everything reported in this bug.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.