[apparmor] Using AppArmor to restrict network access for some programs
Seth Arnold
seth.arnold at canonical.com
Thu Nov 28 08:27:58 UTC 2013
On Thu, Nov 28, 2013 at 12:03:06PM +0400, Vladimir Kozlov wrote:
> I'm trying to find a way to restrict network access to local subnet for
> some programs. I've found that in AppArmor documentation there is a mention
> of such a possibility (
> http://wiki.apparmor.net/index.php/ProfileLanguage#Network_rules) - ipv4
> address expressions and address masks, but I can't find a working example
> of such a rule.
>
> What I tried to do is to use a rule like this:
>
> network inet raw dst 10.0.2.0/24,

Hello Vladimir,

I'm sorry, this functionality does not yet exist. That portion of the
document was describing our goals for AppArmor 3.0; I'd be very surprised
if we can provide the networking rules you (and I :) want in time for
the AppArmor 3.0 release.

Thanks