On Thu, Dec 01, 2016 at 04:47:23PM -0800, Seth Arnold wrote:
> On Thu, Dec 01, 2016 at 04:39:06PM -0800, John Johansen wrote:
> > meh, sufficient is good enough, we can add more as we encounter a need
> > 
> > updated patch below
> 
> You're right, I can't figure out how to get nc or socat to listen to a
> specific address. (Odd. I'd have expected this to just be obvious in
> either tool.)
> 
> So, in the meantime, this is great! :D
> 
> Acked-by: Seth Arnold <seth.arn...@canonical.com>
> 
> Acked for everything.

Also acked from me, thanks.

In testing, I did notice one thing not getting turned up, from
netstat -nlp46 output:

  raw6       0      0 :::58                   :::*                    7        
1326/NetworkManager

which when asking netstat to display name resolution ends up being:

  raw6       0      0 [::]:ipv6-icmp          [::]:*                  7        
1326/NetworkManager

Of course, aa-unconfined doesn't show this, the following patch adds
that, by adding the raw keyword as an alternative to tcp|udp and
accepting a number as an alternative to LISTEN.

Signed-off-by: Steve Beattie <st...@nxnw.org>
---
 utils/aa-unconfined |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: b/utils/aa-unconfined
===================================================================
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -43,7 +43,7 @@ pids = []
 if paranoid:
     pids = list(filter(lambda x: re.search(r"^\d+$", x), 
aa.get_subdirectories("/proc")))
 else:
-    regex_tcp_udp = 
re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)")
+    regex_tcp_udp = 
re.compile(r"^(tcp|udp|raw)6?\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\d+|\s+)\s+(\d+)\/(\S+)")
     import subprocess
     if sys.version_info < (3, 0):
         output = subprocess.check_output("LANG=C netstat -nlp46", 
shell=True).split("\n")

-- 
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/

Attachment: signature.asc
Description: PGP signature

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to