[apparmor] Using AppArmor to restrict network access for some programs
Vladimir Kozlov
vladimir.kozlov at gmail.com
Thu Nov 28 08:03:06 UTC 2013
Hello,
I'm trying to find a way to restrict network access to local subnet for
some programs. I've found that in AppArmor documentation there is a mention
of such a possibility (
http://wiki.apparmor.net/index.php/ProfileLanguage#Network_rules) - ipv4
address expressions and address masks, but I can't find a working example
of such a rule.
What I tried to do is to use a rule like this:
    network inet raw dst 10.0.2.0/24,
but all my attempts were unsuccessful - "syntax error, unexpected TOK_ID,
expecting TOK_END_OF_RULE".
I'm using AppArmor parser version 2.7.102.
Could you please advise if there is such a possibility to restrict network
access using the development version of AppArmor (3.0) in old versions of
Ubuntu, namely 10.04 and 12.04?
Kind regards,
Vladimir.