mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 00:14:44 +01:00
8250e061d4
Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1207424 This patch makes the default value for AADefaultHatName be the server/vhost name, which can be specified in apache via the ServerName configuration declaration. It can be overridden by setting AADefaultHatName directly. Thus, with this patch applied, the order of attempted hats will be: 1. try to aa_change_hat(2) into a matching AAHatName hat if it exists and applies, otherwise 2. try to aa_change_hat(2) into the URI itself, otherwise 3. try to aa_change_hat(2) into the value of ServerName, unless AADefaultHatName has been explicitly set for this server/vhost, in which case that value will be used, otherwise 4. try to aa_change_hat(2) into the DEFAULT_URI hat, if it exists, otherwise 5. fall back to the global Apache policy This should eliminate the need for most admins to define both ServerName and AADefaultHatName, unless there's a specific need for the values to deviate. Man page documentation is updated as well, though probably more wordsmithing is needed there for clarity. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com> |
||
|---|---|---|
| .. | ||
| mod_apparmor | ||
| pam_apparmor | ||
| tomcat_apparmor | ||