On Fri, Dec 30, 2016 at 02:54:31PM +0100, Christian Boltz wrote: > For 2.10 and 2.9, I'd prefer to have a small patch (using netstat's > --protocol option) instead of a full aa-unconfined rewrite.
Okay to apply to 2.10 and 2.9? Subject: utils/aa-unconfined: fix netstat invocation regression It was reported[1] that converting the netstat command to examine processes bound to ipv6 addresses broke on OpenSUSE due to the version of nettools not supporting the short -4 -6 arguments. This patch fixes the invocation of netstat to use the "--protocol inet,inet6" arguments instead, which should return the same results as the short options. Signed-off-by: Steve Beattie <[email protected]> --- utils/aa-unconfined | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: b/utils/aa-unconfined =================================================================== --- a/utils/aa-unconfined +++ b/utils/aa-unconfined @@ -49,7 +49,7 @@ else: output = subprocess.check_output("LANG=C netstat -nlp46", shell=True).split("\n") else: #Python3 needs to translate a stream of bytes to string with specified encoding - output = str(subprocess.check_output("LANG=C netstat -nlp46", shell=True), encoding='utf8').split("\n") + output = str(subprocess.check_output("LANG=C netstat -nlp --protocol inet,inet6", shell=True), encoding='utf8').split("\n") for line in output: match = regex_tcp_udp.search(line) -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
