
Add workaround for AppArmor bug with relocated binaries

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@72 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
tags/spawn-fcgi-1.6.4
Stefan Bühler 6 years ago
commit 228420c2a4
1 changed files with 7 additions and 0 deletions
  1. doc/apparmor.d-abstractions-spawn-fcgi (+7, -0)

doc/apparmor.d-abstractions-spawn-fcgi

@@ -41,4 +41,11 @@ network inet6 stream,
network inet dgram,
network inet6 dgram,

# if the binary is compiled with hardening options it might try to make a
# previously writable mmapped area readonly (RELRO, mprotect PROT_READ), which
# requires additional permissions in AppArmor.
# more permissions -> more secure, obviously.
# again match standard location + debian alternatives:
/usr/bin/spawn-fcgi* r,

/{,var/}run/*.sock rw,
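
Review bot: the comment block above `/usr/bin/spawn-fcgi* r,` never says that this rule is a workaround for an AppArmor bug, which is what the commit subject states, so a later maintainer has no cue that it can be dropped once the bug is fixed. The line "more permissions -> more secure, obviously." reads as sarcasm and could be taken literally in a policy file; suggest replacing it with a plain statement that the rule grants read access to the binary's own file so the RELRO `mprotect` to `PROT_READ` is allowed, and that it exists only as a workaround. The glob also matches every file name in /usr/bin that begins with spawn-fcgi; if the set of Debian alternatives names is known, listing them explicitly would keep the read grant as narrow as the comment intends.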
