[apparmor] apache2 profile update
Simon Deziel
simon.deziel at gmail.com
Mon Sep 8 21:46:49 UTC 2014
On 09/08/2014 05:27 PM, Jamie Strandboge wrote:
> Index: apparmor-2.8.96~2652/profiles/apparmor.d/usr.sbin.apache2
> ===================================================================
> --- apparmor-2.8.96~2652.orig/profiles/apparmor.d/usr.sbin.apache2
> +++ apparmor-2.8.96~2652/profiles/apparmor.d/usr.sbin.apache2
> @@ -53,13 +53,20 @@
> # 2- Enable the main apache2 profile
> # sudo aa-enforce /etc/apparmor.d/usr.sbin.apache2
> #
> - # 3- Configure apache with the following:
> + # 3- Configure apache with the following (or similar):
> + # Alias /phpsysinfo /usr/share/phpsysinfo
> + # <Location /phpsysinfo>
> + # <IfModule mod_apparmor.c>
> + # AAHatName phpsysinfo
> + # </IfModule>
> #
> - # <Directory /var/www/phpsysinfo/>
> - # <IfModule mod_apparmor.c>
> - # AAHatName phpsysinfo
> - # </IfModule>
> - # </Directory>
> + # # adjust as necessary:
> + # Options None
> + # Order allow,deny
> + # Allow from localhost 127.0.0.0/8 ::1
> + # Allow from 192.168.0.0/16
> + # # Allow from All
Just a minor nitpick: the "Order", "Allow from" and "Allow from All"
should IMHO be replaced by the newer directives:
Require local
Require ip 192.168.0.0/16
This avoids a dependency on the access_compat.so module (even if it's in
Ubuntu's default).
Regards,
Simon
More information about the AppArmor
mailing list