File: usr.lib.apache2.mpm-prefork.apache2

package info (click to toggle)
apparmor 4.1.6-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 29,884 kB
  • sloc: ansic: 24,945; python: 24,914; cpp: 9,140; sh: 8,175; yacc: 2,061; makefile: 1,908; lex: 1,215; pascal: 1,147; perl: 1,033; ruby: 365; lisp: 282; exp: 250; java: 212; xml: 159
file content (82 lines) | stat: -rw-r--r-- 2,122 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>

abi <abi/4.0>,

include <tunables/global>
/usr/lib/apache2/mpm-prefork/apache2 {

  # This profile is completely permissive.
  # It is designed to target specific applications using mod_apparmor,
  # hats, and the apache2.d directory.
  #
  # In order to enable this profile, you must:
  #
  # 1- Enable it:
  #    sudo aa-enforce /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
  #
  # 2- Load the mod_apparmor module:
  #    sudo a2enmod apparmor
  #
  # 3- Place an appropriate profile containing the desired hat in the
  #    /etc/apparmor.d/apache2.d directory.  Such profiles should probably
  #    include the "apache2-common" abstraction.
  #
  # 4- Use the "AADefaultHatName" apache configuration option to specify a
  #    hat to be used for a given apache virtualhost or "AAHatName" for
  #    a given apache directory or location directive.
  #
  #
  # There is an example profile for phpsysinfo included in the
  # apparmor-profiles package. To try it:
  #
  # 1- Install the phpsysinfo and the apparmor-profiles packages:
  #    sudo apt-get install phpsysinfo apparmor-profiles
  #
  # 2- Enable the main apache2 profile
  #    sudo aa-enforce /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
  #
  # 3- Configure apache with the following:
  #    <Directory /var/www/phpsysinfo/>
  #        AAHatName phpsysinfo
  #    </Directory>
  #

  include <abstractions/base>
  include <abstractions/nameservice>

  capability chown,
  capability kill,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_tty_config,

  / rw,
  /** mrwlkix,


  ^DEFAULT_URI {
    include <abstractions/base>
    include <abstractions/nameservice>

    / rw,
    /** mrwlkix,

  }

  ^HANDLING_UNTRUSTED_INPUT {
    include <abstractions/nameservice>

    / rw,
    /** mrwlkix,

  }

  # This directory contains web application
  # package-specific apparmor files.

  include <apache2.d>

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/usr.lib.apache2.mpm-prefork.apache2>
}