** Tags added: cscc
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/796588
Title:
Fine-grained network mediation
Status in AppArmor:
In Progress
Status in apparmor package in Ubuntu:
In 4.20 we landed some of the infrastructure to support this.
Specifically secmark support was landed which provides the
infrastructure needed for apparmor labels to interact with iptables and
iptables to interact with apparmor.
This isn't something generally available for use yet as it
** Tags added: kernel-key
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/796588
Title:
Fine-grained network mediation
Status in AppArmor:
In Progress
Status in apparmor package in
Fine-grained network security for snaps is going to be fantastic, but
it's also a rich area, and when networking policy stuff is done
simplistically it becomes awkward more than useful.
I'd suggest that we start now working up detailed design on the topic,
so that when we are ready to start
No disagreement that this is a high priority item. There is some work
around fine grained mediation happening but I am unsure when it will
land.
The problem is that this is not the only high priority item that needs
to be addressed. Changing priority of these items can certainly be
discussed
More to the point, implementing this would give snaps the ability to add
fine-grained network permissions for plugs, and this would suddenly make
snaps a very attractive alternative to Docker images for server apps. I
think this should be considered for priority.
--
You received this bug
I suppose it's time for the bi-annual nudge on this.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/796588
Title:
Fine-grained network mediation
Status in AppArmor:
In Progress
FYI, this is a requirement for snapd, but it was deprioritized in favor
of namespace stacking in support of LXD, upstreaming and other work in
support of snappy (eg, gsettings mediation). A lot of work was done to
support this, but the soonest it would be delivered given current
priorities is
** Changed in: apparmor
Status: In Progress = Confirmed
** Tags added: kernel-net
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/796588
Title:
Fine-grained network mediation
** Changed in: apparmor
Status: Confirmed = In Progress
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/796588
Title:
Fine-grained network mediation
Status in AppArmor Linux
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: New = Triaged
** Changed in: apparmor (Ubuntu)
Status: Confirmed = Triaged
** Changed in: linux (Ubuntu)
Importance: Undecided = High
** Tags added: aa-kernel
--
11 matches
Mail list logo
