[apparmor] [patch] libapparmor: add support for ip addresses and ports

Steve Beattie steve at nxnw.org
Fri Apr 6 22:07:32 UTC 2012


On Fri, Apr 06, 2012 at 02:54:15PM -0700, John Johansen wrote:
> On 04/06/2012 11:16 AM, Steve Beattie wrote:
> > On Fri, Apr 06, 2012 at 05:50:29PM +0000, Seth Arnold wrote:
> >> Could you explain the ip_addr regex? The {3,} is really confusing me.
> > 
> > That just means a minimum of three characters (in particular for ::1,
> > the loopback ipv6 interface). Otherwise, [a-f[:digit:].:] matches a-f,
> > 0-9, '.', and ':'. Potentially / should be included in there as well,
> > but I couldn't generate a log message with an ipv6 address that looked
> > like that (e.g. "fe80::a00:27ff:fe3c:c567/64" pulled from ifconfig in a
> > vm).
> It won't ever generate an address with a mask, at least currently.  If you're
> curious, it's using the ip6_compressed_string fn from lib/vsprintf.c in the
> kernel which supports
>   http://tools.ietf.org/html/rfc5952

Ah, okay. I was concerned that testcase_network_05.in
encapsulated bogus kernel behavior with the address
'::ffff:127.0.0.1' but that representation is allowed under
http://tools.ietf.org/html/rfc5952#section-5 .

Thanks.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
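
An added example, not part of the original message or of libapparmor: it applies the character class and `{3,}` bound quoted above to the three addresses mentioned in the thread, then checks each token with `inet_pton`, since the class alone also accepts strings that are not addresses. The full `ip_addr` lexer rule is not shown on this page, so the pattern is assumed to be exactly the quoted fragment; the function names and sample strings are constructed.

```c
#include <arpa/inet.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Character class and {3,} bound as quoted in the thread (assumed complete). */
#define IP_ADDR_RE "[a-f[:digit:].:]{3,}"

/* Copy the first match in s into out; returns its length, 0 if none, -1 on error. */
int first_ip_token(const char *s, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m;
    int len = 0;
    if (regcomp(&re, IP_ADDR_RE, REG_EXTENDED) != 0)
        return -1;
    if (regexec(&re, s, 1, &m, 0) == 0) {
        len = (int)(m.rm_eo - m.rm_so);
        if ((size_t)len < outlen) {
            memcpy(out, s + m.rm_so, (size_t)len);
            out[len] = '\0';
        } else {
            len = -1;           /* token would not fit in out */
        }
    }
    regfree(&re);
    return len;
}

/* The class is permissive, so confirm the token parses: 4, 6, or 0 if neither. */
int addr_family(const char *tok)
{
    unsigned char buf[16];      /* large enough for an IPv6 address */
    if (inet_pton(AF_INET, tok, buf) == 1) return 4;
    if (inet_pton(AF_INET6, tok, buf) == 1) return 6;
    return 0;
}

int main(void)
{
    /* Constructed samples: the thread's three addresses plus a non-address. */
    const char *in[] = { "::1", "::ffff:127.0.0.1",
                         "fe80::a00:27ff:fe3c:c567/64", "dead.beef" };
    char tok[64];
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        if (first_ip_token(in[i], tok, sizeof tok) > 0)
            printf("%-28s -> %-25s family=%d\n", in[i], tok, addr_family(tok));
    return 0;
}
```

The `/64` suffix is cut off because `/` is not in the class, and `dead.beef` matches the pattern but fails `inet_pton`.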