[apparmor] IPC and sockets
John Johansen
john.johansen at canonical.com
Thu Feb 15 19:37:46 UTC 2018
On 02/15/2018 07:21 AM, Viacheslav Salnikov wrote:
> OK, let me be more specific:
>
> does AppArmor complain about communication through the unix domain sockets into dmesg?
>
yes
> All I've got - AppArmor can restrict access to named unix socket as a file - because it is a file - without using "deny unix". Actually, deny unix does not work for me with named sockets.
>
>
Currently the unix fs sockets can only be mediated as files without typing info. This will be extended, but there hasn't been a decision as to whether it is done through a file conditional, something like

    type=af_unix /foo rw,

or whether it's through the socket rules