[apparmor] [profile] netstat(8): plenty of DENIED messages; repeated "target=*" value.

Seth Arnold seth.arnold at canonical.com
Fri Jan 13 19:59:15 UTC 2017


On Fri, Jan 13, 2017 at 04:55:01PM +0100, daniel curtis wrote:
> owner @{PROC}/*/net/tcp6 r,
> owner @{PROC}/*/net/udp6 r,
> owner @{PROC}/*/net/raw6 r,

> What is the best solution in this situation? :- )

Hi Daniel, I've thought about it a bit more, and I think you should add
these rules:

  @{PROC}/*/net/tcp6 r,
  @{PROC}/*/net/udp6 r,
  @{PROC}/*/net/raw6 r,

The 'owner' prefix would make netstat report information only for
root. But non-privileged users expect netstat to show their own processes.

Thanks
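The effect of the 'owner' prefix described above, as an added example that is not part of the original message and is not AppArmor's own code: a simplified Python model of file-rule matching, in which an 'owner' rule only applies when the task's fsuid equals the file's owner uid. Assumptions: @{PROC} expands to /proc, the /proc/<pid>/net/* files are owned by uid 0, and PID 4242 and uid 1000 are constructed sample values.

```python
import re

PROC = "/proc"  # assumed expansion of the @{PROC} tunable

def glob_to_regex(pattern):
    """Translate the AppArmor glob subset used here: '**' crosses '/', '*' does not."""
    pattern = pattern.replace("@{PROC}", PROC)
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def parse_rule(line):
    """Parse '[owner] <path> <perms>,' into (owner_only, regex, perms)."""
    tokens = line.strip().rstrip(",").split()
    owner_only = tokens[0] == "owner"
    if owner_only:
        tokens = tokens[1:]
    path, perms = tokens
    return owner_only, glob_to_regex(path), set(perms)

def allowed(rules, path, perm, fsuid, file_uid):
    """True if some rule matches path and perm and, for 'owner' rules, fsuid == file_uid."""
    for owner_only, regex, perms in map(parse_rule, rules):
        if perm in perms and regex.fullmatch(path):
            if not owner_only or fsuid == file_uid:
                return True
    return False

NAMES = ("tcp6", "udp6", "raw6")
OWNER_RULES = [f"owner @{{PROC}}/*/net/{n} r," for n in NAMES]  # rules quoted from Daniel
PLAIN_RULES = [f"@{{PROC}}/*/net/{n} r," for n in NAMES]        # rules Seth suggests

if __name__ == "__main__":
    path, file_uid = "/proc/4242/net/tcp6", 0  # constructed; file assumed root-owned
    for label, rules in (("owner", OWNER_RULES), ("plain", PLAIN_RULES)):
        for fsuid in (0, 1000):
            verdict = "ALLOWED" if allowed(rules, path, "r", fsuid, file_uid) else "DENIED"
            print(f"{label:5} rules, fsuid={fsuid:<4} -> {verdict}")
```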