Mailinglist Archive: opensuse-packaging (85 mails)
| < Previous | Next > |
Re: [opensuse-packaging] is use of /srv/www in packages good practice?
- From: Christian Boltz <opensuse@xxxxxxxxx>
- Date: Sat, 21 Jun 2008 01:00:39 +0200
- Message-id: <200806210100.40218@xxxxxxxxxxxxxxx>
Hello,
on Freitag, 20. Juni 2008, Ludwig Nussel wrote:
Yes, in a perfect world, separate apparmor profiles would be a good
thing. In this case, it would be hats in the httpd2 profile.
Unfortunately, it's quite interesting[tm] to add a hat to an existing
profile - my current solution is basically
( grep -v '^}$' profile ; cat hat ; echo '}' ) > profile.new
which is for sure not suitable for inclusion in a rpm package ;-)
IIRC the newest apparmor (in 11.0) supports an alternative hat syntax
/usr/sbin/httpd2-prefork//hatname {
(I didn't test this yet). _If_ it is possible to define a hat this way
in a separate file (outside the main profile), packaging would be much
easier...
Regards,
Christian Boltz
--
[checkinstall] is a tool that allows you to keep your
brain in suspend mode. [Robert Schiele in opensuse]
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
on Freitag, 20. Juni 2008, Ludwig Nussel wrote:
Herbert Graeber wrote:
One thing I discovered that might infer with an out of
/srv/www/htdocs installation is apparmor. It seems that it expects
that all web pages are installed below /srv/www/htdocs. For
packages installed elsewhere it's rules must be modified.
Good point. Although shouldn't different apps also have different
profiles? There is no need for e.g. phpMyAdmin scripts to be able to
access mediawiki files and vice versa.
Yes, in a perfect world, separate apparmor profiles would be a good
thing. In this case, it would be hats in the httpd2 profile.
Unfortunately, it's quite interesting[tm] to add a hat to an existing
profile - my current solution is basically
( grep -v '^}$' profile ; cat hat ; echo '}' ) > profile.new
which is for sure not suitable for inclusion in a rpm package ;-)
IIRC the newest apparmor (in 11.0) supports an alternative hat syntax
/usr/sbin/httpd2-prefork//hatname {
(I didn't test this yet). _If_ it is possible to define a hat this way
in a separate file (outside the main profile), packaging would be much
easier...
Regards,
Christian Boltz
--
[checkinstall] is a tool that allows you to keep your
brain in suspend mode. [Robert Schiele in opensuse]
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
| < Previous | Next > |