[apparmor] [Bug 925894] [NEW] logprof creates duplicate profile
Jeroen Ooms
925894 at bugs.launchpad.net
Fri Feb 3 07:16:13 UTC 2012
Public bug reported:
I have a hat profile defined in the /etc/apparmor.d/apache2.d/
directory. However when saving changes, aa-logprof creates a new profile
with the same hatname in usr.lib.apache2.mpm-prefork.apache2 anyway,
resulting in a "duplicate profile" error on next restart. Instead I
think it should append it to the existing profile in
/etc/apparmor.d/apache2.d.
To reproduce
- install libapache2-mod-apparmor and apache2-mpm-prefork
- create a file e.g. /etc/apparmor.d/apache2.d/mysite:
^mysite flags=(complain) {
#include <abstractions/base>
#include <abstractions/nameservice>
}
And assign it to some directory in Apache2:
<Directory /var/www/mysite>
Options Indexes FollowSymLinks
AAHatName mysite
</Directory>
Then load the site in your browser.
- Run aa-logprof, and save some changes.
- logprof will have created an additional ^mysite inside the usr.lib.apache2.mpm-prefork.apache2 resulting in apparmor failing to load next time.
** Affects: apparmor
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/925894
Title:
logprof creates duplicate profile
Status in AppArmor Linux application security framework:
New
Bug description:
I have a hat profile defined in the /etc/apparmor.d/apache2.d/
directory. However when saving changes, aa-logprof creates a new
profile with the same hatname in usr.lib.apache2.mpm-prefork.apache2
anyway, resulting in a "duplicate profile" error on next restart.
Instead I think it should append it to the existing profile in
/etc/apparmor.d/apache2.d.
To reproduce
- install libapache2-mod-apparmor and apache2-mpm-prefork
- create a file e.g. /etc/apparmor.d/apache2.d/mysite:
^mysite flags=(complain) {
#include <abstractions/base>
#include <abstractions/nameservice>
}
And assign it to some directory in Apache2:
<Directory /var/www/mysite>
Options Indexes FollowSymLinks
AAHatName mysite
</Directory>
Then load the site in your browser.
- Run aa-logprof, and save some changes.
- logprof will have created an additional ^mysite inside the usr.lib.apache2.mpm-prefork.apache2 resulting in apparmor failing to load next time.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/925894/+subscriptions
More information about the AppArmor
mailing list