[pkg-apparmor] Bug#876647: dh-apparmor: Please support /etc/apparmor.d/apache
Guido Günther
agx at sigxcpu.org
Sat Sep 30 09:20:24 UTC 2017
Hi,
On Sat, Sep 30, 2017 at 07:39:23AM +0200, intrigeri wrote:
> Hi,
>
> Guido Günther:
> > if a package drops a file into /etc/apparmor.d/apache we should do a
>
> > apparmor_parser -r /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
>
> I can't find any such profile in current sid. Apparently since a few
Since it's still sitting in new ;)
https://anonscm.debian.org/cgit/pkg-giraffe/kopano-webapp.git/commit/?id=7310d19e1de2bb028f81a5971de724e7af62d5a5
> years it's rather something like "if a package drops a file in
> /etc/apparmor.d/apache2.d then we should reload the usr.sbin.apache2
> profile". Right?
Exactly!
>
> > Since dh-apparmor has all the logic to detect that aa is in use it
> > would be great if it would handle this case as well.
>
> Agreed, this would be a nice addition! :)
>
> FTR I don't use AppArmor for Apache personally so there's very little
> chance I work on this any time soon. Patches are welcome.
>
> > This would make sure we handle things like #872266 too once fixed.
>
> Now you make me curious: I don't understand how this is related.
I just meant to say that once dh-apparmor unloads profiles this would
then automatically work for the above case as well once added to
dh-apparmor. So we get consistency within Debian (rather than having
some applications unload the profile on removal while others don't).
Cheers,
-- Guido
More information about the pkg-apparmor-team
mailing list