On Tue, Feb 27, 2007 at 07:18:29PM +0000, Peter Bradley wrote:
earlier. I had AppArmor going wild for no reason I could fathom and refusing to allow Apache to do all the things it needed to do (like access the file system). There are other, smaller, issues as well.
"Going wild"? What happened here? AppArmor hasn't shipped with an Apache profile turned on by default since 10.0; I can't recall what we did in 10.0, but that was an all-around depressing release of AppArmor. (Still based on the old Immunix business model, so it was "AppArmor lite".) If you haven't tried AppArmor since 10.0, I'd like to suggest you try it again. :) If you tried AppArmor in 10.1 or 10.2 and had problems with Apache after enabling the Apache profile (or starting your own), just run 'aa-genprof /usr/sbin/httpd2-prefork', exercise your webserver for a little while, and answer some questions. But if you could point out what happened with "going wild", it'd be nice to know. We do make mistakes. Thanks