You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35 lines
849 B
Plaintext
35 lines
849 B
Plaintext
2 years ago
|
# vim:syntax=apparmor
|
||
|
|
||
|
# This file contains basic permissions for Apache and every vHost
|
||
|
|
||
|
#include <abstractions/nameservice>
|
||
|
|
||
|
# Allow unconfined processes to send us signals by default
|
||
|
signal (receive) peer=unconfined,
|
||
|
# Allow apache to send us signals by default
|
||
|
signal (receive) peer=apache2,
|
||
|
# Allow other hats to signal by default
|
||
|
signal peer=apache2//*,
|
||
|
# Allow us to signal ourselves
|
||
|
signal peer=@{profile_name},
|
||
|
|
||
|
# Apache
|
||
|
network inet stream,
|
||
|
network inet6 stream,
|
||
|
# apache manual, error pages and icons
|
||
|
/usr/share/apache2/** r,
|
||
|
|
||
|
# changehat itself
|
||
|
@{PROC}/@{pid}/attr/current rw,
|
||
|
|
||
|
# htaccess files - for what ever it is worth
|
||
|
/**/.htaccess r,
|
||
|
|
||
|
/dev/urandom r,
|
||
|
|
||
|
# sasl-auth
|
||
|
/run/saslauthd/mux rw,
|
||
|
|
||
|
# OCSP stapling
|
||
|
/var/log/apache2/stapling-cache rw,
|