[apparmor] [PATCH] profiles: Allow CAP_CHOWN in usr.lib.apache2.mpm-prefork.apache2
Tyler Hicks
tyhicks at canonical.com
Sat Mar 19 05:49:23 UTC 2016
https://launchpad.net/bugs/1210514
It looks plausible to me that prefork_open_logs() ->
ap_proc_mutex_create() -> ap_unixd_set_proc_mutex_perms() -> chown().
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 | 1 +
1 file changed, 1 insertion(+)
diff --git a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
index 3bcb486..eace90c 100644
--- a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
+++ b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
@@ -42,6 +42,7 @@
#include <abstractions/base>
#include <abstractions/nameservice>
+ capability chown,
capability kill,
capability net_bind_service,
capability setgid,
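Review bot: the added "capability chown," line carries no comment saying why Apache needs it, and the commit message only states that the prefork_open_logs() -> ap_proc_mutex_create() -> ap_unixd_set_proc_mutex_perms() -> chown() path "looks plausible". Please add a comment above the rule that names the mutex permission setup and the Launchpad bug as the reason. Before merging, the denial reported in the bug should be checked to confirm that it is a capability denial for chown raised on that path. The rule sits with kill, net_bind_service and setgid in the capability list visible here, so it is granted wherever that list applies; the placement ahead of "capability kill," keeps the list alphabetical, which is fine.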
--
2.7.3