[apparmor] [patch] utils/aa-unconfined: fix netstat invocation regression

Steve Beattie steve at nxnw.org
Fri Dec 30 17:13:56 UTC 2016

On Fri, Dec 30, 2016 at 02:54:31PM +0100, Christian Boltz wrote:
> For 2.10 and 2.9, I'd prefer to have a small patch (using netstat's
> --protocol option) instead of a full aa-unconfined rewrite.

Okay to apply to 2.10 and 2.9?

Subject: utils/aa-unconfined: fix netstat invocation regression

It was reported[1] that converting the netstat command to examine
processes bound to ipv6 addresses broke on OpenSUSE due to the version
of nettools not supporting the short -4 -6 arguments.

This patch fixes the invocation of netstat to use the "--protocol
inet,inet6" arguments instead, which should return the same results
as the short options.

Signed-off-by: Steve Beattie <steve at nxnw.org>
 utils/aa-unconfined |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: b/utils/aa-unconfined
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -49,7 +49,7 @@ else:
         output = subprocess.check_output("LANG=C netstat -nlp46", shell=True).split("\n")
         #Python3 needs to translate a stream of bytes to string with specified encoding
-        output = str(subprocess.check_output("LANG=C netstat -nlp46", shell=True), encoding='utf8').split("\n")
+        output = str(subprocess.check_output("LANG=C netstat -nlp --protocol inet,inet6", shell=True), encoding='utf8').split("\n")
     for line in output:
         match = regex_tcp_udp.search(line)

Steve Beattie
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161230/99d91093/attachment.pgp>

More information about the AppArmor mailing list