[pkg-apparmor] Bug#712451: AppArmor ABI incompability - is it a userspace or kernel bug?
intrigeri
intrigeri at debian.org
Thu Aug 3 10:02:02 BST 2023
Hi,
Lambda Team (2023-04-18):
> I've encountered a bug on a fully updated Debian Bullseye that (perhaps
> also) makes the network directives of AppArmor not work
Right, as documented in the apparmor.d(5) manpage on Debian:
Some features are not supported on Debian yet:
Network Rules
DBus rules
Unix socket rules
This is tracked on https://bugs.debian.org/712451, which is probably
outdated, since I believe things have improved since the last update
there. As you mentioned, on Bookworm, with AppArmor 3.0 userspace, we
should have at least some support for network mediation (as in, given
a policy without any network rule, network operations will be denied).
If someone tested on Bookworm or newer, and reported back how they
tested this (ideally in a way that others can review & reproduce),
then we could:
- update the doc accordingly
- fix (or at least track) any remaining problem
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list