[apparmor] WTF changed in latest aa-enforce?!
Aaron Lewis
the.warl0ck.1989 at gmail.com
Wed Aug 13 05:10:21 UTC 2014
Alright I just saved my application server.
Please, TEST your syntax parser before you complete REWRITTEN
everything, are you trying to remove the "/path/{,**} rw" syntax?
On Wed, Aug 13, 2014 at 12:51 PM, Aaron Lewis
<the.warl0ck.1989 at gmail.com> wrote:
> I just upgraded to Ubuntu 14.04 and every profile I write is invalid now, WTF?
> Did you guys complete rewritten all script with python? That's really FUNNY
>
> apparmor.common.AppArmorException: "Syntax Error: Missing '}' .
> Reached end of file /etc/apparmor.d/usr.sbin.nginx while inside
> profile /usr/sbin/nginx"
>
>
> # cat /etc/apparmor.d/usr.sbin.nginx
> # Last Modified: Tue Jun 17 00:27:26 2014
> #include <tunables/global>
>
> /usr/sbin/nginx {
> #include <abstractions/base>
> #include <abstractions/nameservice>
> #include <abstractions/openssl>
>
> capability chown,
> capability dac_override,
> capability net_bind_service,
> capability setgid,
> capability setuid,
>
> network inet stream,
>
> /etc/nginx/{,**} r,
> owner /proc/*/auxv r,
> /run/nginx.pid rw,
> /srv/{**,} r,
> /usr/bin/nginx mr,
> /usr/share/nginx/{**,} r,
> /var/html/{**,} r,
> /var/lib/nginx/fastcgi/{**,} mrw,
> /var/log/nginx/{*,} w
> }
>
>
> --
> Best Regards,
> Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
> Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
More information about the AppArmor
mailing list