lighttpd
/
spawn-fcgi
2
0
Fork 0
Code Issues Releases Wiki Activity

Add workaround for AppArmor bug with relocated binaries

Browse Source 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@72 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
master
Stefan Bühler 9 years ago
parent 2ee3dd6d1c
commit 228420c2a4
1 changed files with 7 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      doc/apparmor.d-abstractions-spawn-fcgi

7
doc/apparmor.d-abstractions-spawn-fcgi
Unescape View File

@ -41,4 +41,11 @@ network inet6 stream,
network inet dgram,
network inet6 dgram,
# if the binary is compiled with hardening options it might try to make a
# previously writable mmapped area readonly (RELRO, mprotect PROT_READ), which
# requires additional permissions in AppArmor.
# more permissions -> more secure, obviously.
# again match standard location + debian alternatives:
/usr/bin/spawn-fcgi* r,
/{,var/}run/*.sock rw,

Write Preview
Loading…
Cancel
Save