[apparmor] Variable paths
azurIt
azurit at pobox.sk
Wed Feb 18 11:20:46 UTC 2015
Hi,
i'm trying to create some kind of RBAC system for web applications using apparmor + mod_apparmor (Apache web server). mod_apparmor is able to assing different hats for different URIs, which is kinda cool. The problem is that i want to use the same hats for different users/domains who/which has files in different locations (i don't want to create one hat per user/domain because there are thousands of them). Is there any way how to create variable paths? For example:
@DOMAIN_DOCUMENT_ROOT/index.php r,
@DOMAIN_DOCUMENT_ROOT/tmp/* rw,
...
The 'DOMAIN_DOCUMENT_ROOT' should be some kind of variable passed via AAHatName/AADefaultHatName mod_apparmor directives or set as environmental variables inside Apache config file.
Or is it possible to set relative paths to current working directory?
Thank you.
azur
More information about the AppArmor
mailing list