[apparmor] [PATCH] profiles: Allow CAP_CHOWN in usr.lib.apache2.mpm-prefork.apache2
Steve Beattie
steve at nxnw.org
Sat Mar 19 08:04:01 UTC 2016
On Sat, Mar 19, 2016 at 12:49:23AM -0500, Tyler Hicks wrote:
> https://launchpad.net/bugs/1210514
>
> It looks plausible to me that prefork_open_logs() ->
> ap_proc_mutex_create() -> ap_unixd_set_proc_mutex_perms() -> chown().
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>. Thanks.
> ---
> profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
> index 3bcb486..eace90c 100644
> --- a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
> +++ b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
> @@ -42,6 +42,7 @@
> #include <abstractions/base>
> #include <abstractions/nameservice>
>
> + capability chown,
> capability kill,
> capability net_bind_service,
> capability setgid,
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160319/d04adb31/attachment.pgp>
More information about the AppArmor
mailing list