[apparmor] [PATCH] make aa-unconfined include ipv6
Seth Arnold
seth.arnold at canonical.com
Fri Dec 2 00:34:42 UTC 2016
On Thu, Dec 01, 2016 at 04:13:26PM -0800, John Johansen wrote:
> aa-unconfined currently does not check/display ipv6 fix this
Sorry to say this isn't sufficient to fix the issue. To test, run in one
terminal:
nc -6 -l 1234
and check that aa-unconfined still doesn't show the process.
The regex_tcp_udp line needs to be updated to at least allow an optional
'6':
- regex_tcp_udp = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)")
+ regex_tcp_udp = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)")
-------------------------------------------^^
While these changes are sufficient for my simple test to work, I haven't
yet tried binding to specific IPv6 addresses.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161201/3afc6b90/attachment.pgp>
More information about the AppArmor
mailing list