[apparmor] [PATCH] make aa-unconfined include ipv6

Seth Arnold seth.arnold at canonical.com
Fri Dec 2 00:34:42 UTC 2016

On Thu, Dec 01, 2016 at 04:13:26PM -0800, John Johansen wrote:
> aa-unconfined currently does not check/display ipv6 fix this

Sorry to say this isn't sufficient to fix the issue. To test, run in one

nc -6 -l 1234

and check that aa-unconfined still doesn't show the process.

The regex_tcp_udp line needs to be updated to at least allow an optional

-    regex_tcp_udp = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)")
+    regex_tcp_udp = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)")


While these changes are sufficient for my simple test to work, I haven't
yet tried binding to specific IPv6 addresses.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161201/3afc6b90/attachment.pgp>

More information about the AppArmor mailing list