[apparmor] [patch] allow inet6 in ping profile
Christian Boltz
apparmor at cboltz.de
Wed May 18 18:21:28 UTC 2016
Hello,
the latest iputils merged ping and ping6 into a single binary that does
both IPv4 and IPv6 pings (by default, it really does both).
This means we need to allow network inet6 raw in the ping profile.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=980596
(contains more details and example output)
I propose this patch for trunk, 2.10 and 2.9 - even if it's unlikely
that someone using 2.9.x upgrades to the latest iputils ;-)
[ ping-inet6.diff ]
=== modified file 'profiles/apparmor.d/bin.ping'
--- profiles/apparmor.d/bin.ping 2015-10-20 21:12:35 +0000
+++ profiles/apparmor.d/bin.ping 2016-05-18 18:12:04 +0000
@@ -18,6 +18,7 @@
capability net_raw,
capability setuid,
network inet raw,
+ network inet6 raw,
/{,usr/}bin/ping mixr,
/etc/modules.conf r,
Regards,
Christian Boltz
--
> When there isn't sufficient virtual memory, the compiler bails out,
> giving an internal error message. When I kill some processes, the
> error goes away.
And what is the compiler supposed to do instead? Go shopping for you
and buy more memory? [Falk Hueffner, on the GNU C++ compiler]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160518/eeb3583e/attachment.pgp>
More information about the AppArmor
mailing list