[apparmor] aa-unconfined man page vs behavior?
steve at nxnw.org
Fri Dec 30 07:33:57 UTC 2016
While editing the man page for aa-unconfined in this patch set, I
noticed that it's uh pretty inaccurate at describing the behavior
of aa-unconfined. It described listing processes without apparmor
policies applied, whereas the tool reports processes with and without
The question is, which way is the preferred way to fix this? Change
the documentation to accurately reflect the tool's behavior, or adjust
the tool to more closely reflect the documentation?
For reference, here's the man page, after applying the first patch in
AA-UNCONFINED(8)                  AppArmor                  AA-UNCONFINED(8)

NAME
       aa-unconfined - output a list of processes with tcp or udp
       ports that do not have AppArmor profiles loaded

SYNOPSIS
       aa-unconfined [--paranoid] [--with-ss | --with-netstat]

OPTIONS
       --paranoid
           Displays all processes from /proc filesystem with tcp or
           udp ports that do not have AppArmor profiles loaded.

       --with-ss
           Use the ss(8) command to find processes listening on
           network sockets (the default).

       --with-netstat
           Use the netstat(8) command to find processes listening on
           network sockets. This is also what aa-unconfined will
           fall back to when ss(8) is not available.

DESCRIPTION
       aa-unconfined will use netstat(8) to determine which
       processes have open network sockets and do not have AppArmor
       profiles loaded into the kernel.

BUGS
       aa-unconfined must be run as root to retrieve the process
       executable link from the /proc filesystem. This program is
       susceptible to race conditions of several flavours: an
       unlinked executable will be mishandled; an executable started
       before an AppArmor profile is loaded will not appear in the
       output, despite running without confinement; a process that
       dies between the netstat(8) and further checks will be
       mishandled. This program only lists processes using TCP and
       UDP. In short, this program is unsuitable for forensics use
       and is provided only as an aid to profiling all network-
       accessible processes in the lab.

       If you find any bugs, please report them at

SEE ALSO
       ss(8), netstat(8), apparmor(7), apparmor.d(5),
       aa_change_hat(2), and <http://wiki.apparmor.net>.

AppArmor 2.10.95                  2016-12-30                  AA-UNCONFINED(8)
<sbeattie at ubuntu.com>
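To make the gap between the man page and the tool's behaviour concrete, here is an added illustration (not aa-unconfined's own code, and not from this thread) of the check the man page describes: take the socket owners that ss(8) reports, read each one's AppArmor confinement label from /proc, and decide whether to list it. The `ss -nlp` lines and the per-pid labels below are constructed sample data; the label source is assumed to be `/proc/<pid>/attr/current` (newer kernels also expose `attr/apparmor/current`), where the kernel returns either `unconfined` or `<profile> (<mode>)`. `report()` mirrors what the tool prints today (every socket-owning process with its status); `unconfined_only()` is the narrower listing the man page text promises. One of the races listed under BUGS, a process exiting between the ss run and the /proc read, is modelled by leaving pid 900 out of the label table.

```python
"""Sketch of the check aa-unconfined performs: find socket-owning processes,
then ask the kernel whether each one runs under an AppArmor profile.
Added illustration only; this is not the aa-unconfined source."""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample in the shape of `ss -nlp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*    users:(("dhclient",pid=611,fd=6))
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=1234,fd=3))
tcp   LISTEN 0      511                *:80              *:*    users:(("nginx",pid=2001,fd=6),("nginx",pid=2002,fd=6))
tcp   LISTEN 0      128        127.0.0.1:631       0.0.0.0:*    users:(("cupsd",pid=900,fd=7))
"""

# Constructed stand-in for what /proc/<pid>/attr/current returns per pid.
# pid 900 is deliberately absent: it models a process that exited between the
# ss run and the /proc read, one of the races the man page's BUGS section names.
SAMPLE_LABELS: Dict[int, str] = {
    611: "unconfined\n",
    1234: "unconfined\n",
    2001: "/usr/sbin/nginx (enforce)\n",
    2002: "/usr/sbin/nginx (enforce)\n",
}

# Matches one ("name",pid=N,fd=M) owner entry inside the users:(...) column.
OWNER_RE = re.compile(r'\("([^"]*)",pid=(\d+),fd=\d+\)')
# Matches a confinement label such as "/usr/sbin/nginx (enforce)".
LABEL_RE = re.compile(r"^(.+) \((\w+)\)$")


def pids_from_ss(ss_output: str) -> Dict[int, str]:
    """Map pid -> program name for every socket owner ss reports (header skipped)."""
    owners: Dict[int, str] = {}
    for line in ss_output.splitlines()[1:]:
        for name, pid in OWNER_RE.findall(line):
            owners[int(pid)] = name
    return owners


def read_proc_labels(pids: Iterable[int]) -> Dict[int, str]:
    """Read the live AppArmor label of each pid from /proc (Linux only; root is
    needed for other users' processes). A pid that has gone away is simply skipped."""
    labels: Dict[int, str] = {}
    for pid in pids:
        for path in (f"/proc/{pid}/attr/apparmor/current", f"/proc/{pid}/attr/current"):
            try:
                with open(path) as f:
                    labels[pid] = f.read()
                break
            except OSError:
                continue  # process exited, or this attribute path does not exist here
    return labels


def describe(label: str) -> str:
    """Turn a raw kernel label into the wording used in the report."""
    label = label.strip()
    if label == "unconfined":
        return "not confined"
    m = LABEL_RE.match(label)
    if m:
        return f"confined by '{m.group(1)}' ({m.group(2)})"
    return f"confined by '{label}'"


def report(ss_output: str,
           labels: Optional[Dict[int, str]] = None) -> List[Tuple[int, str, str]]:
    """Every socket-owning pid with its confinement status (what the tool prints today).
    With labels=None the live /proc values are read instead of the sample table."""
    owners = pids_from_ss(ss_output)
    if labels is None:
        labels = read_proc_labels(owners)
    rows = []
    for pid, name in sorted(owners.items()):
        raw = labels.get(pid)
        status = "gone before /proc could be read" if raw is None else describe(raw)
        rows.append((pid, name, status))
    return rows


def unconfined_only(rows: List[Tuple[int, str, str]]) -> List[Tuple[int, str, str]]:
    """The subset the man page text describes: only processes running without a profile."""
    return [r for r in rows if r[2] == "not confined"]


if __name__ == "__main__":
    rows = report(SAMPLE_SS_OUTPUT, SAMPLE_LABELS)
    for pid, name, status in rows:
        print(f"{pid:>6} {name:<10} {status}")
    print("man-page view:", [r[0] for r in unconfined_only(rows)])
```

Run as-is it works entirely from the constructed sample; calling `report(actual_ss_text)` with no label table reads the live values from /proc, which is where the root requirement and the exit-between-checks race from the BUGS section come from. Which of `report()` or `unconfined_only()` the tool should expose is exactly the documentation-versus-behaviour question the thread raises.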