[apparmor] [PATCH] make aa-unconfined include ipv6
Seth Arnold
seth.arnold at canonical.com
Fri Dec 2 00:47:23 UTC 2016
On Thu, Dec 01, 2016 at 04:39:06PM -0800, John Johansen wrote:
> meh, sufficient is good enough, we can add more as we encounter a need
>
> updated patch below
You're right, I can't figure out how to get nc or socat to listen to a
specific address. (Odd. I'd have expected this to just be obvious in
either tool.)
So, in the meantime, this is great! :D
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Acked for everything.
Thanks
>
> === modified file 'utils/aa-unconfined'
> --- utils/aa-unconfined 2016-10-01 18:57:09 +0000
> +++ utils/aa-unconfined 2016-12-02 00:38:27 +0000
> @@ -43,13 +43,13 @@
> if paranoid:
> pids = list(filter(lambda x: re.search(r"^\d+$", x), aa.get_subdirectories("/proc")))
> else:
> - regex_tcp_udp = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)")
> + regex_tcp_udp = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)")
> import subprocess
> if sys.version_info < (3, 0):
> - output = subprocess.check_output("LANG=C netstat -nlp", shell=True).split("\n")
> + output = subprocess.check_output("LANG=C netstat -nlp46", shell=True).split("\n")
> else:
> #Python3 needs to translate a stream of bytes to string with specified encoding
> - output = str(subprocess.check_output("LANG=C netstat -nlp", shell=True), encoding='utf8').split("\n")
> + output = str(subprocess.check_output("LANG=C netstat -nlp46", shell=True), encoding='utf8').split("\n")
>
> for line in output:
> match = regex_tcp_udp.search(line)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161201/244d1dce/attachment.pgp>
More information about the AppArmor
mailing list