apache2-common (1119B)
- # vim:syntax=apparmor
- # This file contains basic permissions for Apache and every vHost
- abi <abi/3.0>,
- include <abstractions/nameservice>
- # Allow other processes to read our /proc entries
- ptrace (readby),
- # Allow other processes to trace us by default
- ptrace (tracedby),
- # Allow unconfined processes to send us signals by default
- signal (receive) peer=unconfined,
- # Allow apache to send us signals by default
- signal (receive) peer=apache2,
- # Allow other hats to signal by default
- signal peer=apache2//*,
- # Allow us to signal ourselves
- signal peer=@{profile_name},
- # Apache
- network inet stream,
- network inet6 stream,
- # apache manual, error pages and icons
- /usr/share/apache2/** r,
- # changehat itself
- @{PROC}/@{pid}/attr/{apparmor/,}current rw,
- # htaccess files - for what ever it is worth
- /**/.htaccess r,
- /dev/urandom r,
- # sasl-auth
- @{run}/saslauthd/mux rw,
- # OCSP stapling
- @{run}/lock/apache2/stapling-cache* rw,
- # Include additions to the abstraction
- include if exists <abstractions/apache2-common.d>