Hi, Lambda Team (2023-04-18): > I've encountered a bug on a fully updated Debian Bullseye that (perhaps > also) makes the network directives of AppArmor not work
Right, as documented in the apparmor.d(5) manpage on Debian: Some features are not supported on Debian yet: Network Rules DBus rules Unix socket rules This is tracked on https://bugs.debian.org/712451, which is probably outdated, since I believe things have improved since the last update there. As you mentioned, on Bookworm, with AppArmor 3.0 userspace, we should have at least some support for network mediation (as in, given a policy without any network rule, network operations will be denied). If someone tested on Bookworm or newer, and reported back how they tested this (ideally in a way that others can review & reproduce), then we could: - update the doc accordingly - fix (or at least track) any remaining problem Cheers, -- intrigeri