Many thanks, friends! You gave me information I was looking for.
2018-02-15 21:37 GMT+02:00 John Johansen <[email protected]>: > On 02/15/2018 07:21 AM, Viacheslav Salnikov wrote: > > OK, let me be more specific: > > > > does AppArmor complain about communication through the unix domain > sockets into dmesg? > > > yes > > > All I've got - AppArmor can restrict access to named unix socket as a > file - because it is a file - without using "deny unix". Actually, deny > unix does not work for me with named sockets. > > > > > currently the unix fs sockets can only be mediated as files without typing > info. This will be extended, but there hasn't been a decision as to whether > it is done through a file conditional > > something like > > type=af_unix /foo rw, > > or whether its through the socket rules > >
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
