[apparmor] [patch 3/4] utils/aa-unconfined: allow specifying ss/netstat binary locations

John Johansen john.johansen at canonical.com
Fri Dec 30 09:18:09 UTC 2016


On 12/29/2016 11:24 PM, Steve Beattie wrote:
> This patch allows a user to specify a specific location for ss or
> netstat for use in aa-unconfined, allowing a user to work around a
> tool that's buggy, uninstalled, or installed in an unexpected location.
> Note this option in the manpage.
> 
> [The downside to this patch is that if an environment uses something
>  like a restrictive sudo policy around aa-unconfined, this would
>  possibly give a user a way to subvert that. So I'm ambivalent about
>  this patch.]
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-by: John Johansen <john.johansen at canonical.com>



