[apparmor] [profile] netstat(8): plenty of DENIED messages; repeated "target=*" value.

daniel curtis sidetripping at gmail.com
Thu Dec 8 13:02:32 UTC 2016

Hi Jonh

>> if you aren't using ipv6 you should be able to drop them

Okay, so I will remove them. And what about rules according to, for
example, '@{PROC}/[0-9]*/fd'? Should I use an 'owner' with these rules? I

@{PROC}/*/fd/ r,
@{PROC}/[0-9]*/fd r,
@{PROC}/net r,
@{PROC}/net/* r,

And so on. It's more secure? Or it could be considered more secure?
What is your opinion?

Thanks, best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161208/063949d8/attachment.html>

More information about the AppArmor mailing list