Hi guys,

I checked out Ubuntu 16.04 and got this output:

$ cat /sys/kernel/security/apparmor/features/network/af_unix
yes

But Ubuntu 16.04 is based on the 4.4 kernel:

$ uname -a
Linux 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

I cloned the xenial kernel for investigation and af_unix is in the kernel. Does it mean that somebody did the backport, or what? Maybe you know about that.

Best regards,
Slava.

2017-12-14 11:55 GMT+02:00 Viacheslav Salnikov <[email protected]>:
> Hello Seth and John,
>
> Thanks for your answers.
> -----------------------------------------------------------------------------------------------------------------------------
> It seems that the used version of apparmor parser has support for unix sockets
> (I use 2.11):
>
> On this
> $ echo "profile p { unix, }" | apparmor_parser -Qd
>
> I got the following output
>
> Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
> ----- Debugging built structures -----
> Name: p
> Profile Mode: Enforce
> unix (),
>
> -----------------------------------------------------------------------------------------------------------------------------
> Is it possible to back-port from v4.13 to v4.4? There are a lot of changes.
> Well, it's not like I want you to do all the work for me, alright? Is it possible to cooperate on this one?
>
> I think that the main unix socket functionality was brought by this patch:
> https://gitlab.com/apparmor/apparmor/blob/master/kernel-patches/v4.13/0017-UBUNTU-SAUCE-apparmor-af_unix-mediation.patch
>
> What else should be added to the kernel?
>
> 2017-12-08 22:37 GMT+01:00 John Johansen <[email protected]>:
>> On 12/08/2017 08:20 AM, Viacheslav Salnikov wrote:
>>> Hello,
>>>
>>> First of all, I googled and experimented. Didn't work out so well.
>>>
>>> I want to ensure that communication through unix socket is monitored by apparmor.
>>> What should I do to make this happen?
>>>
>>
>> As Seth mentioned, you will need a kernel and userspace that support unix socket
>> mediation.
>>
>> AppArmor 2.11 (latest release) supports unix socket rules.
>>
>> The Ubuntu kernels have supported unix socket mediation in some form
>> since 14.10.
>>
>> The patch does not currently exist in the upstream kernel, but there is an
>> out-of-tree patchset available in the kernel-patches/ directory of the
>> userspace project.
>>
>> You can find it in the release tarball, or at gitlab.com/apparmor/apparmor
>>
>> You will want the v4.13 or v4.14 dir.
>>
>>
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
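A check script distilled from the thread, added here as an example and not code from the list or from the AppArmor project: it reads the securityfs feature file that Slava cat'd and runs the `apparmor_parser -Qd` probe from the quoted message, so both halves John names (kernel and userspace) are tested in one go. Assumptions that are mine rather than the thread's: the features root can be overridden through an AA_FEATURES variable (so the kernel check can be exercised on a constructed directory tree), apparmor_parser exits non-zero when it rejects the `unix,` rule, and the function names.

```shell
#!/bin/sh
# Added example, not code from the thread or the AppArmor project: probe whether
# the running kernel advertises AF_UNIX mediation and whether the installed
# apparmor_parser understands a `unix,` rule. Paths and flags come from the
# thread: the securityfs features file and `apparmor_parser -Qd` (-Q: do not
# load into the kernel, -d: dump the built profile structures).

# Assumption: overridable root so the kernel check can run against a test tree.
AA_FEATURES="${AA_FEATURES:-/sys/kernel/security/apparmor/features}"

# kernel_has_af_unix DIR: 0 when DIR/network/af_unix reads "yes".
# The file only exists on kernels carrying the af_unix mediation patch
# (Ubuntu kernels, or mainline plus the out-of-tree kernel-patches/ series).
kernel_has_af_unix() {
    f="$1/network/af_unix"
    [ -r "$f" ] || return 1
    [ "$(cat "$f")" = "yes" ]
}

# dump_mentions_unix TEXT: 0 when a captured -Qd dump contains a unix rule.
# The thread's dump for `profile p { unix, }` shows the line `unix (),`.
dump_mentions_unix() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*unix'
}

# parser_accepts_unix_rule: 0 if apparmor_parser compiles the test profile,
# 1 if it rejects the rule (pre-2.11 parser), 2 if the parser is not installed.
# Assumption: apparmor_parser exits non-zero on a syntax error.
parser_accepts_unix_rule() {
    command -v apparmor_parser >/dev/null 2>&1 || return 2
    out=$(echo 'profile p { unix, }' | apparmor_parser -Qd 2>&1) || return 1
    dump_mentions_unix "$out"
}

# report: one line per component; always returns 0 so the file can be sourced.
report() {
    if kernel_has_af_unix "$AA_FEATURES"; then
        echo "kernel:  af_unix mediation advertised in $AA_FEATURES"
    else
        echo "kernel:  no af_unix feature; need an Ubuntu kernel or the kernel-patches/ series"
    fi
    rc=0
    parser_accepts_unix_rule || rc=$?
    case $rc in
        0) echo "parser:  unix rules accepted" ;;
        1) echo "parser:  unix rule rejected; upgrade to AppArmor 2.11 or later" ;;
        *) echo "parser:  apparmor_parser not installed" ;;
    esac
    return 0
}

report
```

Run it as `sh aa-unix-check.sh`. A "yes" in the feature file on a 4.4 Ubuntu kernel is consistent with what John wrote: the Ubuntu kernel carries the out-of-tree mediation patch, and the upstream kernel does not have it, so a mainline 4.4 tree without the kernel-patches/ series would not advertise the feature. Both checks passing only means the pieces are present; unix socket traffic is still only mediated for processes confined by a loaded profile that carries unix rules.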
