Browse Source

Add example apparmor spawn-fcgi abstraction

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@60 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
master
Stefan Bühler 7 years ago
parent
commit
132cae5232
  1. 1
      NEWS
  2. 2
      doc/Makefile.am
  3. 20
      doc/apparmor.d-abstractions-spawn-fcgi

1
NEWS

@ -7,6 +7,7 @@ NEWS
* Use octal mode for -M (patch by dfjoerg)
* Add -b backlog option (fixes #2422, patch by aschmitz)
* Restrict Unix socket file ownership by default to ug=rw
* Add example apparmor spawn-fcgi abstraction
- 1.6.3 - 2009-09-23
* Fix unix socket mode change to work without specifying user/group for socket

2
doc/Makefile.am

@ -1 +1 @@
EXTRA_DIST=run-generic run-php run-rails
EXTRA_DIST=run-generic run-php run-rails apparmor.d-abstractions-spawn-fcgi

20
doc/apparmor.d-abstractions-spawn-fcgi

@ -0,0 +1,20 @@
# /etc/apparmor.d/abstractions/spawn-fcgi
#
# a spawn-fcgi profile should include this abstraction
# and a rule to execute the FastCGI application itself
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability chown,
capability dac_override,
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
/{,var/}run/*.sock rw,
Loading…
Cancel
Save