[apparmor] RFC: Patch [Bug 1207424] Re: mod_apparmor should let me use ServerName as default hat name

John Johansen john.johansen at canonical.com
Sat Aug 10 00:13:10 UTC 2013


On 08/09/2013 05:03 PM, Seth Arnold wrote:
> On Fri, Aug 02, 2013 at 01:41:37AM -0700, John Johansen wrote:
>> This is a first pass at providing the feature requested in Bug 1207424
>>
>> It leverages the apache config option
>>
>>   AADefaultHatName
>>
>> and when its value is specified as
>>   <hostname>
>>
>> the hostname will be looked up and used.  Obviously this patch isn't
>> complete, but it's a first pass and I wanted feedback before I put any
>> more work into it.
> 
> I don't think this is it; this will use whatever the machine thinks its
> hostname is, rather than the virtual host that apache is currently
> serving a request for.
> 
right, the question now is do we want to support <hostname> and <vhostname>?

> It might be "too dynamic", but if we modify immunix_enter_hat() to
> follow r->server_rec->server_hostname, I believe that's the data we
> need when we need it. Populating the scfg->hat_name with this data might
> also work, and be less dynamic (lower overhead) but that'd require more
> reading...
> 
yep, I was going to try updating the patch this weekend

> Thanks
> 
>> ---
>>
>> === modified file 'changehat/mod_apparmor/mod_apparmor.c'
>> --- changehat/mod_apparmor/mod_apparmor.c	2011-02-08 16:18:36 +0000
>> +++ changehat/mod_apparmor/mod_apparmor.c	2013-08-02 08:36:24 +0000
>> @@ -48,6 +48,7 @@
>>  typedef struct {
>>  	const char * hat_name;
>>  	int is_initialized;
>> +	char hostname[HOST_NAME_MAX + 1];
>>  } immunix_srv_cfg;
>>  
>>  /* immunix_init() gets invoked in the post_config stage of apache.
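Review bot: the new hostname[HOST_NAME_MAX + 1] member of immunix_srv_cfg depends on HOST_NAME_MAX from <limits.h>, and no hunk in this patch adds that include (nor <unistd.h> for the gethostname() call in the next hunk); please confirm both headers are already pulled in, or add them. The member also deserves a short comment saying that hat_name may point into this buffer, because a by-value copy of the struct would leave hat_name in the copy pointing at the original's storage.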
>> @@ -235,6 +236,17 @@
>>      			parm1 ? parm1 : "DEFAULT");
>>      immunix_srv_cfg * scfg = mconfig;
>>      if (parm1 != NULL) {
>> +        if (strcmp(parm1, "<hostname>") == 0) {
>> +            if (gethostname(scfg->hostname, HOST_NAME_MAX+1)) {
>> +                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
>> +			     "AADefaultHatName could not obtain hostname "
>> +                             " required by config");
>> +		/* TODO: what is the correct behavior for a failure here */
>> +    	        scfg->hat_name = "DEFAULT";
>> +            } else {
>> +                scfg->hat_name = scfg->hostname;
>> +            }
>> +      } else
>>      	scfg->hat_name = parm1;
>>      } else {
>>      	scfg->hat_name = "DEFAULT";
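Review bot: in the gethostname() failure branch (the one carrying the TODO), falling back to scfg->hat_name = "DEFAULT" with only an APLOG_NOTICE message means a server the administrator asked to confine under a per-host hat quietly runs under a different one. I would resolve the TODO by treating this as a configuration error, or at minimum log it at error level and name the fallback hat in the message. Two smaller points in the same hunk: the adjacent literals "AADefaultHatName could not obtain hostname " and " required by config" join with a double space, and the new "} else" leaves "scfg->hat_name = parm1;" as an unbraced body among lines with mixed tab and space indentation, so please brace it and align the block with the surrounding code.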