[apparmor] [patch 07/11] mod_apparmor: make the ServerName be the default AADefaultHatName [resend]
John Johansen
john.johansen at canonical.com
Thu Jan 23 11:28:49 UTC 2014
On 01/23/2014 02:45 AM, Steve Beattie wrote:
> Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1207424
>
> This patch makes the default value for AADefaultHatName be the
> server/vhost name, which can be specified in apache via the ServerName
> configuration declaration. It can be overridden by setting
> AADefaultHatName directly. Thus, with this patch applied, the order of
> attempted hats will be:
>
> 1. try to aa_change_hat(2) into a matching AAHatName hat if it exists
> and applies, otherwise
> 2. try to aa_change_hat(2) into the URI itself, otherwise
> 3. try to aa_change_hat(2) into the value of ServerName, unless
> AADefaultHatName has been explicitly set for this server/vhost, in
> which case that value will be used, otherwise
> 4. try to aa_change_hat(2) into the DEFAULT_URI hat, if it exists,
> otherwise
> 5. fall back to the global Apache policy
>
> This should eliminate the need for most admins to define both
> ServerName and AADefaultHatName, unless there's a specific need for
> the values to deviate.
>
> Man page documentation is updated as well, though probably more
> wordsmithing is needed there for clarity.
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Looks good to me. Further word smithing can come as a separate patch
Acked-by: John Johansen <john.johansen at canonical.com>
More information about the AppArmor
mailing list