[apparmor] [Bug 732837] Re: AF_TIPC not supported by parser when it is in the kernel

Steve Beattie steve at nxnw.org
Fri Mar 11 20:39:33 UTC 2011


On Fri, Mar 11, 2011 at 10:13:49AM -0800, John Johansen wrote:
> On 03/11/2011 04:51 AM, Christian Boltz wrote:
> > If I get it right, this patch allows some new keywords for network rules. 
> > Which keywords are these?
> > 
> the names are auto generated from a kernel header so every time the kernel
> adds a new networking family and the compiler is built against it, new
> network keywords are automatically added.

FYI, ACK on the patch you attached to the bug.

> This allows for us to provide a coarse level of control (enable/disable)
> new networking families as they are added.  Finer level controls like
> what ipv4/ipv6 will require a larger patch.
> 
> > At the moment I have those keywords for the network rule:
> > sdNetworkProto="inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth"
> > 
> The current set as built against 2.6.38 are
> 
> "inet","ax25","ipx","appletalk","netrom","bridge","atmpvc","x25","inet6",
> "rose","netbeui","security","key","packet","ash","econet","atmsvc","rds",
> "sna","irda","pppox","wanpipe","llc","can","tipc","bluetooth","iucv",
> "rxrpc","isdn","phonet","ieee802154","caif","alg"

We could do a similar build time generation of this list for
apparmor.vim. I'm not sure it really improves the situation, however.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
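
Added example, not part of the original message and not AppArmor's own build code: a sketch of the build-time generation discussed above, deriving network keywords from `AF_*` defines and listing which parser keywords the quoted `sdNetworkProto` pattern lacks. The header excerpt is constructed, and the `SKIP` set and all function names are assumptions made for illustration.

```python
import re

# Constructed header excerpt for illustration (not copied from a kernel tree).
SAMPLE_HEADER = """\
#define AF_UNSPEC     0
#define AF_UNIX       1
#define AF_LOCAL      1
#define AF_INET       2
#define AF_AX25       3
#define AF_INET6      10
#define AF_NETLINK    16
#define AF_ROUTE      AF_NETLINK
#define AF_PACKET     17
#define AF_TIPC       30
#define AF_BLUETOOTH  31
#define AF_ALG        38
#define AF_MAX        39
"""

# Assumption: skip names that appear in neither list quoted in the thread.
SKIP = {"unspec", "unix", "local", "netlink", "route", "file", "max"}

# The two keyword lists exactly as quoted in the message above.
VIM_PROTO = ("inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|"
             "netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|"
             "wanpipe|bluetooth")
PARSER_2_6_38 = ("inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose "
                 "netbeui security key packet ash econet atmsvc rds sna irda "
                 "pppox wanpipe llc can tipc bluetooth iucv rxrpc isdn phonet "
                 "ieee802154 caif alg").split()

AF_DEFINE = re.compile(r"^#define[ \t]+AF_([A-Z0-9_]+)[ \t]+(\d+)\b", re.M)

def families_from_header(text):
    """Return lower-cased family keywords ordered by family number."""
    by_number = {}
    for name, number in AF_DEFINE.findall(text):
        # Aliases defined by name (AF_ROUTE) never match the numeric regex;
        # aliases that reuse a number keep the first name seen.
        if name.lower() not in SKIP:
            by_number.setdefault(int(number), name.lower())
    return [by_number[n] for n in sorted(by_number)]

def vim_proto_line(names):
    """Format keywords the way the quoted apparmor.vim variable is written."""
    return 'sdNetworkProto="%s"' % "|".join(names)

def missing_from_vim(vim_value, generated):
    """Keywords the parser accepts that the vim pattern would not match."""
    known = set(vim_value.split("|"))
    return [n for n in generated if n not in known]

if __name__ == "__main__":
    print(vim_proto_line(families_from_header(SAMPLE_HEADER)))
    print("not in vim list:", ", ".join(missing_from_vim(VIM_PROTO, PARSER_2_6_38)))
```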