[apparmor] [patch] allow inet6 in ping profile

Christian Boltz apparmor at cboltz.de
Wed May 18 18:21:28 UTC 2016


the latest iputils merged ping and ping6 into a single binary that does
both IPv4 and IPv6 pings (by default, it really does both).
This means we need to allow network inet6 raw in the ping profile.

References: https://bugzilla.opensuse.org/show_bug.cgi?id=980596
            (contains more details and example output)

I propose this patch for trunk, 2.10 and 2.9 - even if it's unlikely
that someone using 2.9.x upgrades to the latest iputils ;-)

[ ping-inet6.diff ]

=== modified file 'profiles/apparmor.d/bin.ping'
--- profiles/apparmor.d/bin.ping        2015-10-20 21:12:35 +0000
+++ profiles/apparmor.d/bin.ping        2016-05-18 18:12:04 +0000
@@ -18,6 +18,7 @@
   capability net_raw,
   capability setuid,
   network inet raw,
+  network inet6 raw,
   /{,usr/}bin/ping mixr,
   /etc/modules.conf r,


Christian Boltz
> When there isn't sufficient virtual memory, the compiler bails out,
> giving an internal error message. When I kill some processes, the
> error goes away.
And what is the compiler supposed to do instead? Go shopping for you
and buy more memory? [Falk Hueffner, on the GNU C++ compiler]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160518/eeb3583e/attachment.pgp>

More information about the AppArmor mailing list