[apparmor] WTF changed in latest aa-enforce?!
Aaron Lewis
the.warl0ck.1989 at gmail.com
Wed Aug 13 04:51:18 UTC 2014
I just upgraded to Ubuntu 14.04 and every profile I write is invalid now, WTF?
Did you guys complete rewritten all script with python? That's really FUNNY
apparmor.common.AppArmorException: "Syntax Error: Missing '}' .
Reached end of file /etc/apparmor.d/usr.sbin.nginx while inside
profile /usr/sbin/nginx"
# cat /etc/apparmor.d/usr.sbin.nginx
# Last Modified: Tue Jun 17 00:27:26 2014
#include <tunables/global>
/usr/sbin/nginx {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/openssl>
capability chown,
capability dac_override,
capability net_bind_service,
capability setgid,
capability setuid,
network inet stream,
/etc/nginx/{,**} r,
owner /proc/*/auxv r,
/run/nginx.pid rw,
/srv/{**,} r,
/usr/bin/nginx mr,
/usr/share/nginx/{**,} r,
/var/html/{**,} r,
/var/lib/nginx/fastcgi/{**,} mrw,
/var/log/nginx/{*,} w
}
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
More information about the AppArmor
mailing list