lighttpd
/
spawn-fcgi
2
0
Fork 0
Code Issues Releases 5 Wiki Activity
Browse Source

Add workaround for AppArmor bug with relocated binaries 

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@72 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
master
Stefan Bühler 6 years ago
parent
2ee3dd6d1c
commit
228420c2a4
1 changed files with 7 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +7
    -0
      doc/apparmor.d-abstractions-spawn-fcgi

+ 7
- 0
doc/apparmor.d-abstractions-spawn-fcgi View File

@ -41,4 +41,11 @@ network inet6 stream,
network inet dgram,
network inet6 dgram,
# if the binary is compiled with hardening options it might try to make a
# previously writable mmapped area readonly (RELRO, mprotect PROT_READ), which
# requires additional permissions in AppArmor.
# more permissions -> more secure, obviously.
# again match standard location + debian alternatives:
/usr/bin/spawn-fcgi* r,
/{,var/}run/*.sock rw,

Write Preview
Loading…
Cancel
Save