[pkg-apparmor] Bug#1003153: Bug#1003153: /etc/apparmor.d/usr.sbin.apache2: Apache profile complains when ss -tnlp is run
intrigeri
intrigeri at debian.org
Sat Feb 12 09:28:14 GMT 2022
Control: tag -1 + upstream
Hi,
Craig Small (2022-01-05):
> On 2022-01-05 at 12:24, debian-bugs at cboltz.de wrote:
>> (Nevertheless, the apache hats should allow to be ptraced.
OK!
>> I'll leave that to the maintainer of the Apache profile in Debian -
>> and would love to see the fix upstreamed.)
I don't see anything Debian-specific here. Did I miss anything?
> I suppose all of the hats should have some line for this.
Makes sense!
In usr.sbin.apache2 I see 2 things:
- A few default hats that all include the "apache2-common"
abstraction
- doc that says every custom hat must include the "apache2-common"
abstraction
So it seems to me a good solution may be to allow being ptraced
in the "apache2-common" abstraction.
Would one of you be interested in proposing this upstream?
I'm not using Apache2 myself so I'm not a good person to work on this.
Cheers!
More information about the pkg-apparmor-team
mailing list