No AppArmor rules or confinement exist.
Bug #1693522 reported by
Thomas Ward
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nginx (Ubuntu) |
Triaged
|
Wishlist
|
Thomas Ward |
Bug Description
Currently, nginx has no AppArmor rules to confine it to certain areas, and technically can read nearly any file on the system.
Putting some AppArmor rules in place might be a good idea.
Changed in nginx (Ubuntu): | |
importance: | Medium → Wishlist |
To post a comment you must log in.
I've been using this profile https:/ /github. com/simondeziel /aa-profiles/ blob/master/ 16.04/usr. sbin.nginx for some time already which I think could be a good starting point.