Hello,

on Friday, 20 June 2008, Ludwig Nussel wrote:
> Herbert Graeber wrote:
>> One thing I discovered that might interfere with an out of /srv/www/htdocs installation is apparmor. It seems that it expects that all web pages are installed below /srv/www/htdocs. For packages installed elsewhere its rules must be modified.
>
> Good point. Although shouldn't different apps also have different profiles? There is no need for e.g. phpMyAdmin scripts to be able to access mediawiki files and vice versa.

Yes, in a perfect world, separate apparmor profiles would be a good thing. In this case, it would be hats in the httpd2 profile.

Unfortunately, it's quite interesting[tm] to add a hat to an existing profile - my current solution is basically

    ( grep -v '^}$' profile ; cat hat ; echo '}' ) > profile.new

which is for sure not suitable for inclusion in an rpm package ;-)

IIRC the newest apparmor (in 11.0) supports an alternative hat syntax

    /usr/sbin/httpd2-prefork//hatname {

(I didn't test this yet). _If_ it is possible to define a hat this way in a separate file (outside the main profile), packaging would be much easier...

Regards,

Christian Boltz
-- 
[checkinstall] is a tool that allows you to keep your brain in suspend mode. [Robert Schiele in opensuse]
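
The hat-splicing step described in the message above, as an added example that is not part of the original mail: it inserts the hat before the profile's last bare `}` instead of filtering out every `}` line, and refuses a hat the profile already declares. It assumes the classic `^hatname {` syntax inside the profile (not the `//hatname` form the mail mentions as untested); the function names, sample profile and hat rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail). Sample profile and hat are constructed.

# Print the names of all "^name {" hats declared in a file.
hat_names() {
    sed -n 's/^[[:space:]]*\^\([^[:space:]{]*\).*/\1/p' "$1"
}

# add_hat PROFILE HATFILE OUT
# Copy PROFILE to OUT with HATFILE inserted just before the profile's closing
# brace (the last line that is exactly "}"). No existing line is dropped.
add_hat() {
    profile=$1; hat=$2; out=$3
    name=$(hat_names "$hat" | head -n 1)
    [ -n "$name" ] || { echo "no ^hat header in $hat" >&2; return 2; }
    # Refuse to add a hat the profile already declares.
    if hat_names "$profile" | grep -qxF "$name"; then
        echo "hat ^$name already present in $profile" >&2; return 3
    fi
    last=$(grep -n '^}$' "$profile" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || { echo "no closing brace in $profile" >&2; return 1; }
    {
        head -n "$((last - 1))" "$profile"
        cat "$hat"
        tail -n "+$last" "$profile"
    } > "$out"
}

# Constructed sample input: a minimal profile with one hat, and a new hat file.
make_sample() {
cat > "$1/profile" <<'EOF'
/usr/sbin/httpd2-prefork {
  /srv/www/htdocs/** r,
  ^DEFAULT_URI {
    /srv/www/htdocs/** r,
  }
}
EOF
cat > "$1/hat" <<'EOF'
  ^phpMyAdmin {
    /srv/www/htdocs/phpMyAdmin/** r,
  }
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
add_hat "$dir/profile" "$dir/hat" "$dir/profile.new" && cat "$dir/profile.new"
```

The result should still be checked with the AppArmor parser before it replaces the installed profile.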