[apparmor] [Merge] lp:~talkless/apparmor/fix_traceroute_tcp into lp:apparmor
Vincas Dargis
vindrg at gmail.com
Tue Jul 4 15:22:43 UTC 2017
About net_admin: Christian Boltz suggested that [0]:
> I'd like to avoid it
About Debian/Ubuntu:
> I suspect that traceroute does just the same on Debian *but* some AppArmor
> mediation only supported in the Ubuntu kernel blocks it there.
Maybe.. though `strace` does not show these calls on Debian at all. It does not even try to apply these SO_RCVBUFFORCE/SO_SNDBUFFORCE options at all:
# strace -e setsockopt traceroute -T google.com >/dev/null
setsockopt(3, SOL_IP, IP_MTU_DISCOVER, [0], 4) = 0
setsockopt(3, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0
setsockopt(3, SOL_IP, IP_RECVTTL, [1], 4) = 0
setsockopt(3, SOL_IP, IP_RECVERR, [1], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [1], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [2], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [3], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [4], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [5], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [6], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [7], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [8], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [9], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [10], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [11], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [12], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [13], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [14], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [15], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [16], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [17], 4) = 0
Maybe I should ask traceroute upstream developers about that..?
[0] https://lists.ubuntu.com/archives/apparmor/2017-June/010785.html
--
https://code.launchpad.net/~talkless/apparmor/fix_traceroute_tcp/+merge/326260
Your team AppArmor Developers is requested to review the proposed merge of lp:~talkless/apparmor/fix_traceroute_tcp into lp:apparmor.
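
Added example, not part of the original message or of the AppArmor or traceroute projects: a small Python parser for `strace -e setsockopt` output that separates socket options needing CAP_NET_ADMIN (the two named in the message, plus SO_DEBUG per socket(7)) from unprivileged ones, so a profile author can see whether a `capability net_admin,` rule is actually exercised. The function names and the second sample trace are constructed for illustration.

```python
import re

# SOL_SOCKET options that socket(7) documents as requiring CAP_NET_ADMIN.
NET_ADMIN_OPTS = {"SO_RCVBUFFORCE", "SO_SNDBUFFORCE", "SO_DEBUG"}

# Matches strace lines such as:
#   setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [65536], 4) = -1 EPERM (...)
LINE_RE = re.compile(
    r"setsockopt\(\d+, (?P<level>\w+), (?P<opt>\w+), .*\)\s+= -?\d+"
    r"(?: (?P<errno>E\w+))?"
)

def summarize(trace):
    """Return (privileged, other).

    privileged: list of (option, errno or None) for CAP_NET_ADMIN options.
    other: dict mapping (level, option) to the number of calls seen.
    """
    privileged, other = [], {}
    for line in trace.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a setsockopt line (shell prompt, exit status, ...)
        if m["level"] == "SOL_SOCKET" and m["opt"] in NET_ADMIN_OPTS:
            privileged.append((m["opt"], m["errno"]))
        else:
            key = (m["level"], m["opt"])
            other[key] = other.get(key, 0) + 1
    return privileged, other

def needs_net_admin(trace):
    """True if the trace contains any option that requires CAP_NET_ADMIN."""
    return bool(summarize(trace)[0])

# Shortened copy of the Debian output quoted in the message.
DEBIAN_TRACE = """\
setsockopt(3, SOL_IP, IP_MTU_DISCOVER, [0], 4) = 0
setsockopt(3, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0
setsockopt(3, SOL_IP, IP_RECVTTL, [1], 4) = 0
setsockopt(3, SOL_IP, IP_RECVERR, [1], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [1], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [2], 4) = 0
"""

# Constructed lines (not from the message): one forced-buffer call denied, one allowed.
CONSTRUCTED_TRACE = """\
setsockopt(3, SOL_SOCKET, SO_SNDBUFFORCE, [65536], 4) = -1 EPERM (Operation not permitted)
setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [65536], 4) = 0
setsockopt(3, SOL_IP, IP_TTL, [1], 4) = 0
"""
```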