Hi Daniel,
On Mon, Jan 16, 2017 at 03:48:58PM +0100, daniel curtis wrote:
> There are some rules, which are confusing me. I would like to ask You about
> them etc. So, here they are:
>
> ## tha lack of "/"?
> @{PROC} r,
This is because @{PROC} is defined with the slashes already included:
Hi Seth
There are some rules, which are confusing me. I would like to ask You about
them etc. So, here they are:
## tha lack of "/"?
@{PROC} r,
## Isn't the same thing?
@{PROC}/*/fd/ r,
@{PROC}/[0-9]*/fd r,
What do You think; what is your opinion? I've removed an "owner" prefix
from these
Hi Seth
>> I've thought about it a bit more (...)
Thank You for taking the time and the clarification. Okay: I'll use these
rules, but without 'owner' prefix. I hope that's all. Thanks once again!
Best regards.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe
On Fri, Jan 13, 2017 at 04:55:01PM +0100, daniel curtis wrote:
> owner @{PROC}/*/net/tcp6 r,
> owner @{PROC}/*/net/udp6 r,
> owner @{PROC}/*/net/raw6 r,
> What is the best solution in this situation? :- )
Hi Daniel, I've thought about it a bit more, and I think you should add
these rules:
Hi Daniel,
On Wed, Jan 11, 2017 at 07:09:14PM +0100, daniel curtis wrote:
> Hello
> owner @{PROC}/*/net/tcp6 r,
> owner @{PROC}/*/net/udp6 r,
> owner @{PROC}/*/net/raw6 r,
> As we can see these DENIED entries are related to rules, which I've removed
> previously. So: are they needed or not?
Hello
Some time ago - generally last year - I'd asked a question about netstat(8)
and its AppArmor profile [1], which contains rules related to the IPv6
protocol, such as:
owner @{PROC}/*/net/tcp6 r,
owner @{PROC}/*/net/udp6 r,
owner @{PROC}/*/net/raw6 r,
For now, I'm not using this protocol,
Hello
OK, so - in such situation - I will use something like this one:
owner @{PROC}/[0-9]*/net/tcp r,
Thanks once again, John. Best regards.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
On 12/31/2016 01:41 PM, daniel curtis wrote:
>
> Hi John
>
> Thanks for an answer and explanation. I've created a bug report, because you
> have written, that: "A bug would be good, I'll try fixing it soon and will
> need a bug to reference when I push the fix". Please see [1].
>
yes, as I
Hi John
Thanks for an answer and explanation. I've created a bug report, because
you have written, that: "A bug would be good, I'll try fixing it soon and
will need a bug to reference when I push the fix". Please see [1].
Anyway, I should add a rule mentioned by me in a Launchpad bug report,
On 12/31/2016 04:37 AM, daniel curtis wrote:
>
> Hello
>
> I've created a bug report, on Lauchpad, related to a netstat(8) and ptrace
> problems. I hope, that it will help to solve this issue, because there are
> still DENIED messages in log files. Everything is described in a report.
>
>
Hi Jonh
>> if you aren't using ipv6 you should be able to drop them
Okay, so I will remove them. And what about rules according to, for
example, '@{PROC}/[0-9]*/fd'? Should I use an 'owner' with these rules? I
mean:
@{PROC}/*/fd/ r,
@{PROC}/[0-9]*/fd r,
@{PROC}/net r,
@{PROC}/net/* r,
And so
11 matches
Mail list logo