[apparmor] IPC and sockets

Viacheslav Salnikov slavasalnikovv at gmail.com
Fri Feb 16 09:47:09 UTC 2018


Many thanks, friends!

You gave me information I was looking for.

2018-02-15 21:37 GMT+02:00 John Johansen <john.johansen at canonical.com>:

> On 02/15/2018 07:21 AM, Viacheslav Salnikov wrote:
> > OK, let me be more specific:
> >
> > does AppArmor complain about communication through the unix domain
> > sockets into dmesg?
> >
> yes
>
> > All I've got - AppArmor can restrict access to named unix socket as a
> > file - because it is a file - without using "deny unix". Actually, deny
> > unix does not work for me with named sockets.
> >
> >
> currently the unix fs sockets can only be mediated as files without typing
> info. This will be extended, but there hasn't been a decision as to whether
> it is done through a file conditional
>
> something like
>
>   type=af_unix /foo rw,
>
> or whether it's through the socket rules
>
>