No AppArmor rules or confinement exist.

Bug #1693522 reported by Thomas Ward on 2017-05-25
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Wishlist
Thomas Ward

Bug Description

Currently, nginx has no AppArmor rules to confine it to certain areas, and technically can read nearly any file on the system.

Putting some AppArmor rules in place might be a good idea.

Thomas Ward (teward) on 2017-05-25
Changed in nginx (Ubuntu):
importance: Medium → Wishlist
Simon Déziel (sdeziel) wrote :

I've been using this profile https://github.com/simondeziel/aa-profiles/blob/master/16.04/usr.sbin.nginx for some time already which I think could be a good starting point.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers