Hello, should we check all profiles if they need inet6 added?
(Note that I don't have an IPv6 setup here, so I can't test it.) A quick grep shows the following candidates: a) profiles/apparmor.d/ > bin.ping: network inet raw, Does /bin/ping also work for ipv6 or is that the job of the separate /bin/ping6 binary? ping6 doesn't have a profile yet - maybe we could solve it by changing the profile name to /bin/ping{,6} ? > sbin.klogd: network inet stream, Does klogd support IPv6? > usr.lib.dovecot.managesieve-login: network inet stream, Same question here ;-) - usr.lib.dovecot.imap-login has IPv6 support (see separate mail with patch some minutes ago), so chances are good. > usr.sbin.dnsmasq: network inet raw, ... and here > usr.sbin.nscd: network inet dgram, > usr.sbin.nscd: network inet stream, ... and here > usr.sbin.ntpd: network inet dgram, > usr.sbin.ntpd: network inet stream, > usr.sbin.ntpd: network inet6 stream, ... and here - but only for inet6 dgram. Note that inet{,6} stream is already allowed. b) profiles/apparmor/profiles/extras/ > usr.sbin.dhcpd: network inet raw, Does dhcpd also handle IPv6 or is there a separate version? Fortunately most profiles get network access via abstractions, which already include support for IPv4 and IPv6. Regards, Christian Boltz -- Aber genauso können mir ja auch die Grünen leid tuen. Da bin ich doch lieber blau ... [Konrad Neitzel in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor