[apparmor] trouble with nested grandchild profiles
apparmor at raf.org
apparmor at raf.org
Wed Sep 9 19:53:31 UTC 2015
John Johansen wrote:
> It should work if you transform you Cx rule in the indexcgi_profile to a Px
> rule.
>
> /usr/sbin/apache2 flags=(complain) {
> /path/to/index.cgi rCx -> indexcgi_profile,
> profile indexcgi_profile flags=(complain) {
> #use Px to -> to grandchild so we can avoid parser broken Cx mapping for grandchildren
> /usr/bin/mutt-org rPx -> /usr/sbin/apache2//indexcgi_profile//mutt_profile,
> }
> }
> #external grandchild profile, must come after grand parent and parent are defined
> profile /usr/sbin/apache2//indexcgi_profile//mutt_profile flags=(complain) {
> }
>
> should work for you.
It does work. Many thanks.
cheers,
raf
More information about the AppArmor
mailing list