[apparmor] [profile] netstat(8): plenty of DENIED messages; repeated "target=*" value.
daniel curtis
sidetripping at gmail.com
Thu Dec 8 13:02:32 UTC 2016
Hi Jonh
>> if you aren't using ipv6 you should be able to drop them
Okay, so I will remove them. And what about rules according to, for
example, '@{PROC}/[0-9]*/fd'? Should I use an 'owner' with these rules? I
mean:
@{PROC}/*/fd/ r,
@{PROC}/[0-9]*/fd r,
@{PROC}/net r,
@{PROC}/net/* r,
And so on. It's more secure? Or it could be considered more secure?
What is your opinion?
Thanks, best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161208/063949d8/attachment.html>
More information about the AppArmor
mailing list