touch-packages team mailing list archive

Thread
Date

[Bug 583896] Re: libapache2-mod-apparmor profile fails when mod-fcgid is enabled and gives little error information

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Wed, 08 Oct 2014 21:56:08 -0000
Reply-to: Bug 583896 <583896@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This was fixed some time ago.

** Changed in: apparmor (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/583896

Title:
  libapache2-mod-apparmor profile fails when mod-fcgid is enabled and
  gives little error information

Status in “apparmor” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: apparmor

  Install enviroment:
  sudo apt-get install php5-cgi libapache2-mod-fcgid apache2-suexec
  sudo apt-get install libapache2-mod-apparmor phpsysinfo apparmor-profiles

  sudo apparmor_parser -r /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
  sudo aa-enforce /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
  /etc/init.d/apache2 restart

  ==> audit/audit.log <==
  type=APPARMOR_DENIED msg=audit(1274457023.718:186):  operation="capable" pid=16414 parent=1 profile="/usr/lib/apache2/mpm-prefork/apache2" name="dac_override"

  ==> apache2/error.log <==
  [Fri May 21 17:50:23 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
  [Fri May 21 17:50:23 2010] [emerg] (17)File exists: mod_fcgid: Can't create shared memory for size 13018600 bytes

  The APPARMOR_DENIED error only comes on first restart.

  Adding "capability dac_override," to  /etc/apparmor.d/usr.lib.apache2
  .mpm-prefork.apache2 fixes the problem.

  Regards Troels.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/583896/+subscriptions