[apparmor] [patch 3/4] utils/aa-unconfined: allow specifying ss/netstat binary locations

John Johansen john.johansen at canonical.com
Fri Dec 30 09:18:09 UTC 2016

On 12/29/2016 11:24 PM, Steve Beattie wrote:
> This patch allows a user to specify a specific location for ss or
> netstat for use in aa-unconfined, allowing a user to work around a
> tool that's buggy, uninstalled, or installed in an unexpected location.
> Note this option in the manpage.
> [The downside to this patch is that if an environment uses something
>  like a restrictive sudo policy around aa-unconfined, this would
>  possibly give a user a way to subvert that. So I'm ambivalent about
>  this patch.]
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-by: John Johansen <john.johansen at canonical.com>

More information about the AppArmor mailing list