[apparmor] [Bug 1014298] Re: script to add a hat to a profile
Christian Boltz
1014298 at bugs.launchpad.net
Sun Jun 17 13:38:47 UTC 2012
** Attachment added: "hackish script to add a hat to the apache profile"
https://bugs.launchpad.net/bugs/1014298/+attachment/3193605/+files/create-apparmor.conf
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/1014298
Title:
script to add a hat to a profile
Status in AppArmor Linux application security framework:
New
Bug description:
I'm using a script to add hats for each vhost in my apache profile
(attached for reference).
This works, but it uses some ugly sed tricks (for example, it removes
^}$ from the profile) to work. This also means that it might break a
manually edited profile if someone removed the whitespace in front of
} of a hat.
It would be much better to have an aa-addhat script that can add a hat
with a given ruleset to a profile and "understands" the profile
language (like logprof/genprof do) so that it doesn't need to do sed
tricks ;-)
The syntax {c,sh}ould be something like
aa-addhat /usr/sbin/httpd2-prefork vhost_foo " #include <abstractions/vhost_foo>
/home/www/foo/httpdocs/uploads/** rw,"
(yes, the last parameter can be multiline)
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1014298/+subscriptions
More information about the AppArmor
mailing list