Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 295

http://httpd.apache.org/docs-2.2/mod/core.html
to
#virtualhost.
The ChangeHat-specific configuration keyword is AADefaultHatName. It is used
similarly to AAHatName, for example, AADefaultHatName
My_Funky_Default_Hat.
The configuration option is actually based on a server directive, which enables you to
use the keyword outside of other options, setting it for the default server. Virtual hosts
are considered internally within Apache to be separate "servers," so you can set a default
hat name for the default server as well as one for each virtual host, if desired.
When a request comes in, the following steps reflect the sequence in which
mod_apparmor attempts to apply hats.
1. A location or directory hat as specified by the AAHatName keyword
2. A hat named by the entire URI path
3. A default server hat as specified by the AADefaultHatName keyword
4. DEFAULT_URI (if none of those exist, it goes back to the "parent" Apache hat)
25.2.2 Location and Directory Directives
Location and directory directives specify hat names in the program configuration file
so the program calls the hat regarding its security. For Apache, you can find documen-
tation about the location and directory directives at
docs-2.2/sections.html.
The location directive example below specifies that, for a given location,
mod_apparmor should use a specific hat:
<Location /foo/> AAHatName MY_HAT_NAME </Location>
This tries to use MY_HAT_NAME for any URI beginning with /foo/ (/foo/, /foo/
bar, /foo/cgi/path/blah_blah/blah, etc.).
http://httpd.apache.org/
Profiling Your Web Applications Using ChangeHat 283