On 02/15/2018 07:21 AM, Viacheslav Salnikov wrote: > OK, let me be more specific: > > does AppArmor complain about communication through the unix domain sockets > into dmesg? > yes
> All I've got - AppArmor can restrict access to named unix socket as a file - > because it is a file - without using "deny unix". Actually, deny unix does > not work for me with named sockets. > > currently the unix fs sockets can only be mediated as files without typing info. This will be extended, but there hasn't been a decision as to whether it is done through a file conditional something like type=af_unix /foo rw, or whether its through the socket rules -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor