[apparmor] apparmor+debian+apache2-mpm-itk

Seth Arnold seth.arnold at gmail.com
Mon Oct 24 11:55:56 UTC 2011

Can you include the AppArmor DENIED messages? Check /var/log/messages or /var/log/syslog or /var/log/audit/audit.log as described at http://wiki.apparmor.net/index.php/AppArmor_Failures#Messages_in_the_Log_files

Perhaps you need to add "capability setuid" to the HANDLING_UNTRUSTED_INPUT "hat" -- only "setgid" is there now -- but those permissions seem funny in that location and it would be nice to know what exactly is being denied.

------Original Message------
From: natan maciej milaszewski
Sender: apparmor-bounces at lists.ubuntu.com
To: apparmor at lists.ubuntu.com
Subject: [apparmor] apparmor+debian+apache2-mpm-itk
Sent: Oct 24, 2011 4:31 AM

I run apparmor + apache2-mpm-itk+ debian squeezy

i don't have any idea for fixed some error in error.log:

[Mon Oct 24 12:37:17 2011] [warn] (itkmpm: pid=817 uid=0, gid=33) itk_post_perdir_config(): setuid(33): Operation not permitted
[Mon Oct 24 12:37:17 2011] [warn] Couldn't set uid/gid/priority, closing connection.

i generate aa-genprof apache2 (itk)


what i must add to: usr.lib.apache2.mpm-itk.apache2 for fixed my problem ?

best regards

AppArmor mailing list
AppArmor at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

More information about the AppArmor mailing list