This file is indexed.

/etc/apparmor.d/usr.sbin.apache2 is in libapache2-mod-apparmor 2.10.95-0ubuntu2.6~14.04.4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>

#include <tunables/global>
/usr/sbin/apache2 flags=(complain) {

  # This profile is completely permissive.
  # It is designed to target specific applications using mod_apparmor,
  # hats, and the apache2.d directory.
  #
  # In order to enable this profile, you must:
  #
  # 1- Enable it:
  #    sudo aa-enforce /etc/apparmor.d/usr.sbin.apache2
  #
  # 2- Load the mpm_prefork and mod_apparmor modules:
  #    sudo a2dismod <other non-prefork mpm>
  #    sudo a2enmod mpm_prefork
  #    sudo a2enmod apparmor
  #    sudo service apache2 restart
  #
  # 3- Place an appropriate profile containing the desired hat in the
  #    /etc/apparmor.d/apache2.d directory.  Such profiles should probably
  #    include the "apache2-common" abstraction.
  #
  # 4- Use the "AADefaultHatName" apache configuration option to specify a
  #    hat to be used for a given apache virtualhost or "AAHatName" for
  #    a given apache directory or location directive.
  #
  #
  # There is an example profile for phpsysinfo included in the
  # apparmor-profiles package. To try it:
  #
  # 1- Install the phpsysinfo and the apparmor-profiles packages:
  #    sudo apt-get install phpsysinfo apparmor-profiles
  #
  # 2- Enable the main apache2 profile
  #    sudo aa-enforce /etc/apparmor.d/usr.sbin.apache2
  #
  # 3- Configure apache with the following:
  #    <Directory /var/www/phpsysinfo/>
  #        AAHatName phpsysinfo
  #    </Directory>
  #

  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability dac_override,
  capability kill,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_tty_config,

  / rw,
  /** mrwlkix,


  ^DEFAULT_URI flags=(complain) {
    #include <abstractions/base>
    #include <abstractions/nameservice>

    / rw,
    /** mrwlkix,

  }

  ^HANDLING_UNTRUSTED_INPUT flags=(complain) {
    #include <abstractions/nameservice>

    / rw,
    /** mrwlkix,

  }

  # This directory contains web application
  # package-specific apparmor files.

  #include <apache2.d>

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.apache2>
}