logo

apparmor.d

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/apparmor.d.git

usr.lib.apache2.mpm-prefork.apache2 (2122B)

    

  1. # Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
  3. abi <abi/3.0>,
  5. include <tunables/global>
  6. /usr/lib/apache2/mpm-prefork/apache2 {
  8.   # This profile is completely permissive.
  9.   # It is designed to target specific applications using mod_apparmor,
  10.   # hats, and the apache2.d directory.
  11.   #
  12.   # In order to enable this profile, you must:
  13.   #
  14.   # 1- Enable it:
  15.   #    sudo aa-enforce /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
  16.   #
  17.   # 2- Load the mod_apparmor module:
  18.   #    sudo a2enmod apparmor
  19.   #
  20.   # 3- Place an appropriate profile containing the desired hat in the
  21.   #    /etc/apparmor.d/apache2.d directory.  Such profiles should probably
  22.   #    include the "apache2-common" abstraction.
  23.   #
  24.   # 4- Use the "AADefaultHatName" apache configuration option to specify a
  25.   #    hat to be used for a given apache virtualhost or "AAHatName" for
  26.   #    a given apache directory or location directive.
  27.   #
  28.   #
  29.   # There is an example profile for phpsysinfo included in the
  30.   # apparmor-profiles package. To try it:
  31.   #
  32.   # 1- Install the phpsysinfo and the apparmor-profiles packages:
  33.   #    sudo apt-get install phpsysinfo apparmor-profiles
  34.   #
  35.   # 2- Enable the main apache2 profile
  36.   #    sudo aa-enforce /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
  37.   #
  38.   # 3- Configure apache with the following:
  39.   #    <Directory /var/www/phpsysinfo/>
  40.   #        AAHatName phpsysinfo
  41.   #    </Directory>
  42.   #
  44.   include <abstractions/base>
  45.   include <abstractions/nameservice>
  47.   capability chown,
  48.   capability kill,
  49.   capability net_bind_service,
  50.   capability setgid,
  51.   capability setuid,
  52.   capability sys_tty_config,
  54.   / rw,
  55.   /** mrwlkix,
  58.   ^DEFAULT_URI {
  59.     include <abstractions/base>
  60.     include <abstractions/nameservice>
  62.     / rw,
  63.     /** mrwlkix,
  65.   }
  67.   ^HANDLING_UNTRUSTED_INPUT {
  68.     include <abstractions/nameservice>
  70.     / rw,
  71.     /** mrwlkix,
  73.   }
  75.   # This directory contains web application
  76.   # package-specific apparmor files.
  78.   include <apache2.d>
  80.   # Site-specific additions and overrides. See local/README for details.
  81.   include if exists <local/usr.lib.apache2.mpm-prefork.apache2>
  82. }