
Lambda Team (2023-04-18):
> I've encountered a bug on a fully updated Debian Bullseye that (perhaps 
> also) makes the network directives of AppArmor not work

Right, as documented in the apparmor.d(5) manpage on Debian:

  Some features are not supported on Debian yet:

       Network Rules
       DBus rules
       Unix socket rules

This is tracked on https://bugs.debian.org/712451, which is probably
outdated, since I believe things have improved since the last update
there. As you mentioned, on Bookworm, with AppArmor 3.0 userspace, we
should have at least some support for network mediation (as in, given
a policy without any network rule, network operations will be denied).

If someone tested on Bookworm or newer, and reported back how they
tested this (ideally in a way that others can review & reproduce),
then we could:

 - update the doc accordingly
 - fix (or at least track) any remaining problem

