On Thu, Dec 01, 2016 at 04:47:23PM -0800, Seth Arnold wrote:
> On Thu, Dec 01, 2016 at 04:39:06PM -0800, John Johansen wrote:
> > meh, sufficient is good enough, we can add more as we encounter a need
> >
> > updated patch below
>
> You're right, I can't figure out how to get nc or socat to listen to a
> specific address. (Odd. I'd have expected this to just be obvious in
> either tool.)
>
> So, in the meantime, this is great! :D
>
> Acked-by: Seth Arnold <seth.arn...@canonical.com>
>
> Acked for everything.

Also acked from me, thanks.

In testing, I did notice one thing not getting turned up, from
netstat -nlp46 output:

  raw6 0 0 :::58 :::* 7 1326/NetworkManager

which when asking netstat to display name resolution ends up being:

  raw6 0 0 [::]:ipv6-icmp [::]:* 7 1326/NetworkManager

Of course, aa-unconfined doesn't show this, the following patch adds
that, by adding the raw keyword as an alternative to tcp|udp and
accepting a number as an alternative to LISTEN.

Signed-off-by: Steve Beattie <st...@nxnw.org>
--- utils/aa-unconfined | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: b/utils/aa-unconfined =================================================================== --- a/utils/aa-unconfined +++ b/utils/aa-unconfined @@ -43,7 +43,7 @@ pids =  if paranoid: pids = list(filter(lambda x: re.search(r"^\d+$", x), aa.get_subdirectories("/proc"))) else: - regex_tcp_udp = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)") + regex_tcp_udp = re.compile(r"^(tcp|udp|raw)6?\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\d+|\s+)\s+(\d+)\/(\S+)") import subprocess if sys.version_info < (3, 0): output = subprocess.check_output("LANG=C netstat -nlp46", shell=True).split("\n")

-- 
Steve Beattie <sbeat...@ubuntu.com> http://NxNW.org/~steve/
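
Review bot: on the changed regex_tcp_udp line, the second capture group (\d+) now picks up an IP protocol number for raw sockets (58, i.e. ipv6-icmp, in the raw6 line quoted above) rather than a port, so it is worth checking that whatever consumes that group does not report it as a listening port. The new \d+ alternative in (LISTEN|\d+|\s+) is also accepted for tcp and udp lines, not only raw ones; if a numeric state is only expected for raw sockets, a short comment saying so, or a tighter pattern, would keep the looser match from hiding unexpected netstat output. The name regex_tcp_udp no longer describes what the pattern matches and could be renamed in the same change.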
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor