[apparmor] RFC: Patch [Bug 1207424] Re: mod_apparmor should let me use ServerName as default hat name
Seth Arnold
seth.arnold at canonical.com
Sat Aug 10 00:03:22 UTC 2013
On Fri, Aug 02, 2013 at 01:41:37AM -0700, John Johansen wrote:
> This is a first pass at providing the feature requested in Bug 1207424
>
> It leverages the appache config option
>
> AADefaultHatName
>
> and when its value is specified as
> <hostname>
>
> the hostname will be looked up and used. Obviously this patch isn't
> complete, but its a first pass and I wanted feedback before I put any
> more work into it.
I don't think this is it; this will use whatever the machine thinks its
hostname is, rather than the virtual host that apache is currently
serving a request for.
It might be "too dynamic", but if we modify immunix_enter_hat() to
follow r->server_rec->server_hostname, I believe that's the data we
need when we need it. Populating the scfg->hat_name with this data might
also work, and be less dynamic (lower overhead) but that'd require more
reading...
Thanks
> ---
>
> === modified file 'changehat/mod_apparmor/mod_apparmor.c'
> --- changehat/mod_apparmor/mod_apparmor.c 2011-02-08 16:18:36 +0000
> +++ changehat/mod_apparmor/mod_apparmor.c 2013-08-02 08:36:24 +0000
> @@ -48,6 +48,7 @@
> typedef struct {
> const char * hat_name;
> int is_initialized;
> + char hostname[HOST_NAME_MAX + 1];
> } immunix_srv_cfg;
>
> /* immunix_init() gets invoked in the post_config stage of apache.
> @@ -235,6 +236,17 @@
> parm1 ? parm1 : "DEFAULT");
> immunix_srv_cfg * scfg = mconfig;
> if (parm1 != NULL) {
> + if (strcmp(parm1, "<hostname>") == 0) {
> + if (gethostname(scfg->hostname, HOST_NAME_MAX+1)) {
> + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
> + "AADefaultHatName could not obtain hostname "
> + " required by config");
> + /* TODO: what is the correct behavior for a failure here */
> + scfg->hat_name = "DEFAULT";
> + } else {
> + scfg->hat_name = scfg->hostname;
> + }
> + } else
> scfg->hat_name = parm1;
> } else {
> scfg->hat_name = "DEFAULT";
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130809/3375bf40/attachment.pgp>
More information about the AppArmor
mailing list