[apparmor] Deny network bind in profile

Georg Schoenberger g.schoenberger at xortex.com
Fri Jul 22 08:11:08 UTC 2016


Hi folks,
I am currently trying to deny a process from binding to network sockets.
Unfortunately the example from http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference does not work for me:
* deny network bind inet,
A reload fails with "invalid network entry". If I deny it completely with "deny network inet", the profile reloads. I am using:
* dpkg -l | grep appar
ii  apparmor                            2.8.95~2430-0ubuntu5.3                               amd64        User-space parser utility for AppArmor
with Ubuntu 14.04.

Any ideas?
THX Georg

