No AppArmor rules or confinement exist.

Bug #1693522 reported by Thomas Ward
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Triaged
Wishlist
Thomas Ward

Bug Description

Currently, nginx has no AppArmor rules to confine it to certain areas, and technically can read nearly any file on the system.

Putting some AppArmor rules in place might be a good idea.

Thomas Ward (teward)
Changed in nginx (Ubuntu):
importance: Medium → Wishlist
Revision history for this message
Simon Déziel (sdeziel) wrote :

I've been using this profile https://github.com/simondeziel/aa-profiles/blob/master/16.04/usr.sbin.nginx for some time already which I think could be a good starting point.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.