AppArmor profile exchange

Find profiles by name | Find profiles by author | Find profiles by name and author | List all profiles | List all users | My profiles | New profile | Anonymous | Login
/usr/sbin/httpd2-prefork abbadon Fri Oct 30 19:08:03 +0100 2009 4 views
apparmor_apache.changelog 
# $Id: usr.sbin.httpd2-prefork 706 2007-05-31 06:58:22Z steve-beattie $
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>

/usr/sbin/httpd2-prefork flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/kerberosclient>
  #include <abstractions/nameservice>
  #include <abstractions/perl>

  capability dac_override,
  capability kill,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_tty_config,


  /dev/random r,
  /etc/apache2/*.conf r,
  /etc/apache2/magic r,
  /etc/apache2/mod_perl-startup.pl r,
  /etc/apache2/ssl.crt/*.crt r,
  /etc/apache2/ssl.key/*.key r,
  /etc/apache2/{conf,sysconfig,vhosts}.d/ r,
  /etc/apache2/{conf,sysconfig,vhosts}.d/* r,
  /etc/fstab r,
  /etc/mime.types r,
  /etc/mtab r,
  /etc/odbcinst.ini r,
  /etc/php.d/ r,
  /etc/php.d/** r,
  /etc/php.ini r,
  owner /etc/php5/apache2/php.ini r,
  owner /etc/php5/conf.d/ r,
  owner /etc/php5/conf.d/bz2.ini r,
  owner /etc/php5/conf.d/ctype.ini r,
  owner /etc/php5/conf.d/curl.ini r,
  owner /etc/php5/conf.d/dom.ini r,
  owner /etc/php5/conf.d/gd.ini r,
  owner /etc/php5/conf.d/hash.ini r,
  owner /etc/php5/conf.d/iconv.ini r,
  owner /etc/php5/conf.d/json.ini r,
  owner /etc/php5/conf.d/mbstring.ini r,
  owner /etc/php5/conf.d/mcrypt.ini r,
  owner /etc/php5/conf.d/mysql.ini r,
  owner /etc/php5/conf.d/mysqli.ini r,
  owner /etc/php5/conf.d/openssl.ini r,
  owner /etc/php5/conf.d/pdo.ini r,
  owner /etc/php5/conf.d/pdo_mysql.ini r,
  owner /etc/php5/conf.d/pdo_pgsql.ini r,
  owner /etc/php5/conf.d/pdo_sqlite.ini r,
  owner /etc/php5/conf.d/pgsql.ini r,
  owner /etc/php5/conf.d/sqlite.ini r,
  owner /etc/php5/conf.d/tokenizer.ini r,
  owner /etc/php5/conf.d/xmlreader.ini r,
  owner /etc/php5/conf.d/xmlwriter.ini r,
  owner /etc/php5/conf.d/zlib.ini r,
  /srv/www/htdocs r,
  /srv/www/htdocs/** r,
  /srv/www/icons/*.{gif,jpg,png} r,
  /srv/www/vhosts r,
  /srv/www/vhosts/** r,
  /tmp/auth_ldap_cache.sem wl,
  /tmp/session_mm_apache0.sem wl,
  /tmp/session_mm_apache2handler0.sem wl,
  /usr/X11R6/lib/lib*.so* mr,
  /usr/X11R6/lib64/lib*.so* mr,
  /usr/apache2/error/* r,
  owner /usr/lib/** mr,
  /usr/lib/apache2-leader/{lib,mod_}*.so* mr,
  /usr/lib/apache2-metuxmpm/{lib,mod_}*.so* mr,
  /usr/lib/apache2-prefork/{lib,mod_}*.so* mr,
  /usr/lib/apache2-worker/{lib,mod_}*.so* mr,
  /usr/lib/apache2/modules/{lib,mod_}*.so* mr,
  /usr/lib/apache2/{lib,mod_}*.so mr,
  /usr/lib/mysql/libmysql*.so* mr,
  /usr/lib/php/extensions/*.so mr,
  /usr/lib/php4/*.so mr,
  /usr/lib/python[12].[0-9]/**.{py,pyc,pth,so} mr,
  /usr/lib/qt3/lib/lib*.so* mr,
  owner /usr/lib64/** m,
  /usr/lib64/** r,
  /usr/lib64/apache2-leader/{lib,mod_}*.so* mr,
  /usr/lib64/apache2-metuxmpm/{lib,mod_}*.so* mr,
  /usr/lib64/apache2-prefork/{lib,mod_}*.so* mr,
  /usr/lib64/apache2-worker/{lib,mod_}*.so* mr,
  /usr/lib64/apache2/modules/{lib,mod_}*.so* mr,
  /usr/lib64/apache2/{lib,mod_}*.so* mr,
  /usr/lib64/mysql/libmysql*.so* mr,
  /usr/lib64/php/extensions/*.so mr,
  /usr/lib64/php4/*.so mr,
  /usr/lib64/python[12].[0-9]/**.{py,pyc,pth,so} mr,
  /usr/lib64/qt3/lib/lib*.so* mr,
  /usr/local/tomcat/conf/mod_jk.conf r,
  /usr/local/tomcat/conf/workers-ajp12.properties r,
  /usr/sbin/httpd2-prefork r,
  /usr/sbin/suexec2 mrix,
  /usr/share/apache2/** r,
  /usr/share/apache2/error/* r,
  /usr/share/apache2/error/include/* r,
  /usr/share/misc/magic.mime r,
  /usr/share/snmp/mibs r,
  /usr/share/snmp/mibs/*.{txt,mib} r,
  /usr/share/snmp/mibs/.index rw,
  /usr/share/ssl/openssl.cnf r,
  /var/lib/php/sess_* rwl,
  owner /var/lib/php5/session_mm_apache2handler0.sem wk,
  /var/lock/httpd2.lock.* wl,
  /var/log/apache2/* rwl,
  /var/log/apache2/** rwl,
  /var/log/httpd/ssl_scache.dir r,
  /var/log/httpd/ssl_scache.pag r,
  /var/run/httpd2.mm.* wl,
  /var/run/httpd2.pid wl,
  /var/www/error/* r,
  /var/www/html/** r,
  /var/www/icons/*.{gif,jpg,png} r,
  @{HOME}/public_html r,
  @{HOME}/public_html/** r,


  ^DEFAULT_URI flags=(complain) {
    #include <abstractions/base>
    #include <abstractions/nameservice>


    /srv/www/htdocs r,
    /srv/www/htdocs/** r,
    /srv/www/icons/*.{gif,jpg,png} r,
    /srv/www/vhosts r,
    /srv/www/vhosts/** r,
    /usr/sbin/suexec2 mrix,
    /usr/share/apache2/** r,
    /var/lib/php/sess_* rwl,
    /var/log/apache2/** rwl,
    /var/www/error/* r,
    /var/www/html/** r,
    /var/www/icons/*.{gif,jpg,png} r,
    @{HOME}/public_html r,
    @{HOME}/public_html/** r,

  }

  ^HANDLING_UNTRUSTED_INPUT flags=(complain) {
    #include <abstractions/nameservice>


    /**.htaccess r,
    /var/log/apache2/* w,

  }
}

Edit | Show | History