[ubuntu] [Hardy] Apparmor - Restricting Apache2-ITK VirtualHosts

May 24th, 2008, 11:34 PM

I'm setting up a shared hosting solution, with apache2-mpm-itk for user management and libapache2-mod-chroot to chroot /var/www/, and I'm having trouble enforcing a policy idea. Here are the fundamentals:

1. 1 User per Vhost with a home directory in /var/www/$vhostuser

2. Allowed PHP (libapache2-mod-php5) and all the libs and PEAR libs available.

3. Allowed Perl (libapache2-mod-perl2) and all the CPAN libs with it.

Now the above I can manage, but I have a problem enforcing the following policy:

* Recursively deny scripts and applications within /var/www/$user/ to read/write/execute/link outside their directory other than the PHP/Perl libs, binaries and MySQL databases.

* Restricting Apache2-ITK to setuid vhost to root

How can I do this?


May 30th, 2008, 10:55 PM
Any ideas? Anyone?