From e3b51b37fd0a8775e09c75beb1bcce35dc11cd66 Mon Sep 17 00:00:00 2001
From: Christian Boltz <opensuse@cboltz.de>
Date: Jul 19 2017 21:57:22 +0000
Subject: Apache/Wiki AppArmor profile additions


- allow executi9ng timeout
- allow writing to just-rotated logs
- allow some more MediaWiki tempfile names

---

diff --git a/salt/profile/wiki/files/httpd2-prefork.apparmor b/salt/profile/wiki/files/httpd2-prefork.apparmor
index 37be2e1..36e5d80 100644
--- a/salt/profile/wiki/files/httpd2-prefork.apparmor
+++ b/salt/profile/wiki/files/httpd2-prefork.apparmor
@@ -118,9 +118,11 @@ profile httpd2-prefork /usr/sbin/httpd{,2}-prefork flags=(complain,attach_discon
     /bin/bash rix,
     /dev/tty rw,
     /proc/meminfo r,
+    /usr/bin/timeout rix,
     /usr/share/mediawiki_1_27/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize Px -> pygmentize,
     /usr/sbin/sendmail PUx,
     /var/log/apache2/access_log w,
+    /var/log/apache2/access_log-20[12][0-9][01][0-9][0-3][0-9] w,
     /var/log/apache2/error_log w,
 
     /srv/www/{{wiki}}.opensuse.org/cache/ r,
@@ -129,6 +131,8 @@ profile httpd2-prefork /usr/sbin/httpd{,2}-prefork flags=(complain,attach_discon
     /srv/www/{{wiki}}.opensuse.org/public/** r,
     /srv/www/{{wiki}}.opensuse.org/public/images/**.@{wiki_upload_extensions} rw,
     /srv/www/{{wiki}}.opensuse.org/public/images/lockdir/*.lock rwk,
+    /srv/www/{{wiki}}.opensuse.org/public/images/temp/*/*/*\!php??????. rw,
+    /srv/www/{{wiki}}.opensuse.org/public/images/temp/localcopy_* rw,
     /srv/www/{{wiki}}.opensuse.org/public/images/temp/ResourceLoaderImage?????? rw,
     /srv/www/{{wiki}}.opensuse.org/public/images/temp/svg_*/ rw,
     /srv/www/{{wiki}}.opensuse.org/tmp/php* rw,