[apparmor] [patch] utils/aa-unconfined: fix netstat invocation regression
Steve Beattie
steve at nxnw.org
Fri Dec 30 17:13:56 UTC 2016
On Fri, Dec 30, 2016 at 02:54:31PM +0100, Christian Boltz wrote:
> For 2.10 and 2.9, I'd prefer to have a small patch (using netstat's
> --protocol option) instead of a full aa-unconfined rewrite.
Okay to apply to 2.10 and 2.9?
Subject: utils/aa-unconfined: fix netstat invocation regression
It was reported[1] that converting the netstat command to examine
processes bound to ipv6 addresses broke on OpenSUSE due to the version
of nettools not supporting the short -4 -6 arguments.
This patch fixes the invocation of netstat to use the "--protocol
inet,inet6" arguments instead, which should return the same results
as the short options.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
utils/aa-unconfined | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: b/utils/aa-unconfined
===================================================================
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -49,7 +49,7 @@ else:
output = subprocess.check_output("LANG=C netstat -nlp46", shell=True).split("\n")
else:
#Python3 needs to translate a stream of bytes to string with specified encoding
- output = str(subprocess.check_output("LANG=C netstat -nlp46", shell=True), encoding='utf8').split("\n")
+ output = str(subprocess.check_output("LANG=C netstat -nlp --protocol inet,inet6", shell=True), encoding='utf8').split("\n")
for line in output:
match = regex_tcp_udp.search(line)
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161230/99d91093/attachment.pgp>
More information about the AppArmor
mailing list