script to add a hat to a profile
Bug #1014298 reported by
Christian Boltz
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Triaged
|
Wishlist
|
Unassigned | ||
Bug Description
I'm using a script to add hats for each vhost in my apache profile (attached for reference).
This works, but it uses some ugly sed tricks (for example, it removes ^}$ from the profile) to work. This also means that it might break a manually edited profile if someone removed the whitespace in front of } of a hat.
It would be much better to have an aa-addhat script that can add a hat with a given ruleset to a profile and "understands" the profile language (like logprof/genprof do) so that it doesn't need to do sed tricks ;-)
The syntax {c,sh}ould be something like
aa-addhat /usr/sbin/
/home/
(yes, the last parameter can be multiline)
Revision history for this message
| Christian Boltz (cboltz) wrote | #1 |
Revision history for this message
| Lutz-Peter Hooge (lphooge) wrote | #2 |
| Changed in apparmor: | |
| status: | New → Triaged |
| tags: | added: aa-tools |
Revision history for this message
| Christian Boltz (cboltz) wrote | #3 |
To post a comment you must log in.
Here is my solution, not a general tool for adding hats to profiles, but specifically for generating hats from apache-vhosts and also adding small config snippets that can be included in the corresponding vhosts.
php-cli is needed for the script, but if you need this you probably have that installed anyway