[apparmor] RFC: Patch [Bug 1207424] Re: mod_apparmor should let me use ServerName as default hat name
Kees Cook
kees at ubuntu.com
Tue Aug 6 23:59:40 UTC 2013
On Fri, Aug 02, 2013 at 01:41:37AM -0700, John Johansen wrote:
> This is a first pass at providing the feature requested in Bug 1207424
>
> It leverages the appache config option
>
> AADefaultHatName
>
> and when its value is specified as
> <hostname>
>
> the hostname will be looked up and used. Obviously this patch isn't
> complete, but its a first pass and I wanted feedback before I put any
> more work into it.
Hm, I don't think this is what the intention of the bug was describing.
This doesn't want to fall back to the actual host name, it wants
AADefaultHatName to contain the virtualhost ServerName. I assume this can
really only be implemented at check-time, with a similar "empty" value?
I.e. AADefaultHatName should contain the string "<vhost>" or something, and
at check time, "<vhost>" will be expanded to the servername of the
currently active vhost for the request.
I haven't read the code at all though, so I'm kind of guessing blindly. :)
-Kees
--
Kees Cook
More information about the AppArmor
mailing list