Results 1 to 2 of 2

Thread: [Hardy] Apparmor - Restricting Apache2-ITK VirtualHosts

  1. #1
    Join Date
    Apr 2008

    Exclamation [Hardy] Apparmor - Restricting Apache2-ITK VirtualHosts


    I'm setting up a shared hosting solution, with apache2-mpm-itk for user management and libapache2-mod-chroot to chroot /var/www/ and I'm having trouble enforcing the a policy idea, here are the fundamentals:

    1. 1 User per Vhost with a home directory in /var/www/$vhostuser

    2. Allowed PHP (libapache2-mod-php5) and all the libs and PEAR libs available.

    3. Allowed Perl (libapache2-mod-perl2) and all the CPAN libs with it.

    Now the above I can manage, but I have a problem enforcing the following policy:

    * Recursivly deny scripts and applications within the /var/www/$user/ to read/write/execute/link outside their directory other than the PHP/Perl Libs, Binaries and MySQL databases.

    * Restricting Apache2-ITK to setuid vhost to root

    How can I do this ?


  2. #2
    Join Date
    Apr 2008

    Re: [Hardy] Apparmor - Restricting Apache2-ITK VirtualHosts

    any ideas ? anyone ?

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts