[apparmor] Problems with IPv6
Simon Deziel
simon.deziel at gmail.com
Tue Jun 25 03:09:46 UTC 2013
Hi Aaron,
On 13-06-24 10:28 PM, Aaron Lewis wrote:
> Hi guys,
>
> I have two problems when IPv6 is enabled,
>
> A. for chrome browser,
>
> I don't know how to define a "sub" profile without knowing absolute
> path of Chrome_IOThread
>
> [ 771.956817] type=1400 audit(1372127142.646:1647): apparmor="DENIED"
> operation="create" parent=1 profile="/usr/lib/chromium/chromium"
> pid=4878 comm="Chrome_IOThread" family="inet6" sock_type="dgram"
> protocol=0
Inet6 and dgram would point to UDPv6 but protocol 0 is surprising me so
let's hear from someone else ;)
> B. for weechat,
>
> I already have the following line defined, but still not able to use
> IPv6 network,
>
> network inet6 stream,
>
>
> [ 795.142540] type=1400 audit(1372127165.826:1689): apparmor="DENIED"
> operation="create" parent=11789 profile="/usr/bin/weechat-curses"
> pid=11791 comm="weechat-curses" family="inet" sock_type="stream"
> protocol=6
Inet, stream and protocol 6 is TCPv4 so I'd try adding:
network inet stream,
HTH,
Simon
More information about the AppArmor
mailing list