Secmark allows us to label packets with fairly arbitrary iptables rules, and these patches give a mechanism for then applying Apparmor policy to those labels. I haven't really thought through how this applies to existing network policy, so feedback on that welcome.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
