[apparmor] [patch 0/4] utils: fix aa-unconfined regression
steve at nxnw.org
Fri Dec 30 07:24:54 UTC 2016
This patch set fixes a regression in the utils/aa-unconfined utility
introduced in trunk commit 3592 (and backported to apparmor 2.10 and
2.9) that was intended to add support for processes that listen on ipv6
sockets. The arguments passed to netstat are not supported by the
version of netstat provided in OpenSUSE.
It does this both by addressing the invocation of netstat as well as
parsing ss(8) output and using this by default. The third patch in
the series is offered optionally, as it makes aa-unconfined support
using alternate binaries for netstat/ss, which may be problematic in
restricted sudo environments.
Proposed for trunk, 2.10, and 2.9.
<sbeattie at ubuntu.com>
More information about the AppArmor