aa-unconfined does not always display unconfined processes with dual-stack
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | Triaged | Low | Unassigned |
apparmor (Ubuntu) | Triaged | Low | Unassigned |
Bug Description
In performing install audits for 13.04, I noticed that aa-unconfined did not list apache. Apache by default listens on both IPv4 and IPv6 in Ubuntu 13.04, but only lists in netstat tcp6. Eg:
$ sudo netstat -atuvpn|grep apache
tcp6 0 0 :::80 :::* LISTEN 1746/apache2
$ w3m -dump http://
It works!
...
$ sudo aa-status | grep apache
$ sudo aa-unconfined | grep apache
It works fine with ipv6 disabled:
$ sudo netstat -atuvpn|grep apache
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2389/apache2
$ sudo aa-unconfined | grep apache
2389 /usr/lib/
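The following Python example is added here and is not part of the original report or aa-unconfined's own code. It parses `netstat -atuvpn`-style rows and shows how a dual-stack listener reported only as `tcp6` drops out of an audit when the protocol column is matched too narrowly. The `V4_ONLY` pattern is a hypothetical matcher used to illustrate the failure mode (the report does not state the cause inside aa-unconfined), and all function names are assumptions.

```python
import re

# The two apache2 rows are the netstat lines quoted in the report; the
# avahi-daemon and sshd rows are constructed for this example.
SAMPLE = """\
tcp6 0 0 :::80 :::* LISTEN 1746/apache2
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2389/apache2
udp6 0 0 :::5353 :::* 901/avahi-daemon
tcp 0 0 10.0.0.5:22 10.0.0.9:51514 ESTABLISHED 1500/sshd
"""

_ROW = (r"\s+\d+\s+\d+\s+\S+:(?P<port>\d+)\s+\S+\s+"
        r"(?:(?P<state>[A-Z_0-9]+)\s+)?(?P<pid>\d+)/(?P<prog>\S+)")
# Hypothetical matcher (an assumption, not aa-unconfined's code): the protocol
# column must be exactly "tcp" or "udp", so "tcp6"/"udp6" rows never match.
V4_ONLY = re.compile(r"^(?P<proto>tcp|udp)" + _ROW)
# Family-agnostic matcher: accepts the optional "6" suffix.
ANY_FAMILY = re.compile(r"^(?P<proto>tcp|udp)6?" + _ROW)


def listening_pids(netstat_text, pattern=ANY_FAMILY):
    """Return {pid: program} for TCP listeners and bound UDP sockets."""
    found = {}
    for line in netstat_text.splitlines():
        m = pattern.match(line.strip())
        if m is None:
            continue
        if m.group("proto") == "tcp" and m.group("state") != "LISTEN":
            continue  # established connections are not listeners
        found[int(m.group("pid"))] = m.group("prog")
    return found


def missed_by_v4_only(netstat_text):
    """Listeners the family-agnostic parse finds but the tcp/udp-only one drops."""
    full = listening_pids(netstat_text, ANY_FAMILY)
    narrow = listening_pids(netstat_text, V4_ONLY)
    return {pid: prog for pid, prog in full.items() if pid not in narrow}


def unconfined(listeners, confined_pids):
    """Listeners whose PID is not in the caller-supplied set of confined PIDs."""
    return {pid: prog for pid, prog in listeners.items() if pid not in confined_pids}


if __name__ == "__main__":
    print("all listeners:   ", listening_pids(SAMPLE))
    print("missed (v4-only):", missed_by_v4_only(SAMPLE))
```

When auditing a host, comparing the two results on live `netstat` output gives a quick check for listeners that a narrower parse would leave out of an unconfined-process report.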
Changed in apparmor (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Changed in apparmor (Ubuntu):
status: Confirmed → Triaged
tags: added: aa-tools
Changed in apparmor:
importance: Undecided → Low
status: New → Triaged
This is still the fact on LTS 16.04. A patch was posted on https://lists.ubuntu.com/archives/apparmor/2016-December/010307.html
It would be great if this would be added to the apparmor-utils.