[apparmor] downgrading extended network unix socket rule to generic network rule

jleivent jleivent at comcast.net
Sun May 14 00:44:52 UTC 2023


I'm getting this warning from apparmor_parser: "Warning from profile foo
(ns): downgrading extended network unix socket rule to generic network
rule."  Am I correct that this means the kernel I'm using does not
support any network rule more complex than just "network" itself,
meaning all or nothing?

If that's the case, how do I find kernels that support the ability to
at least differentiate between local host networking (network unix or
netlink) vs. others?

I'm using Debian 12.  Would I be better off using Ubuntu or openSUSE
with recent kernels to get the necessary behavior?  Or is there a way
to get it in Debian?

Thanks in advance.


