[apparmor] unexpected apparmor logs
intrigeri
intrigeri at debian.org
Mon Mar 26 12:44:41 UTC 2018
apparmor at raf.org:
>> This does not match name="/run/lock/apache2/mpm-accept-0.22001"
>>
>> What about the broader:
>>
>> /{var/,}run/lock/apache2/mpm-accept* wk,
>>
>> ?
>>
>> Cheers,
>> --
>> intrigeri
> hi,
> ah, i see it now. there's a "-" before the 0 where the rule
> is expecting a ".".
> so, a better rule is:
> /{var/,}run/lock/apache2/mpm-accept[.-][0-9]* wk,
> to accept either a "." or "-" before the first digit.
OK.
I don't understand where your profile comes from though:
there's no rule about /run/lock/apache2 in the
/etc/apparmor.d/usr.sbin.apache2 file that's shipped by the
libapache2-mod-apparmor package in Debian 9 (Stretch).
Cheers,
--
intrigeri
More information about the AppArmor
mailing list