aa-unconfined does not always display unconfined processes with dual-stack
Bug #1169568 reported by
Jamie Strandboge
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Triaged
|
Low
|
Unassigned | ||
| apparmor (Ubuntu) |
Triaged
|
Low
|
Unassigned | ||
Bug Description
In performing install audits for 13.04, I noticed that aa-unconfined did not list apache. Apache by default listens on both IPv4 and IPv6 in Ubuntu 13.04, but only lists in netstat tcp6. Eg:
$ sudo netstat -atuvpn|grep apache
tcp6 0 0 :::80 :::* LISTEN 1746/apache2
$ w3m -dump http://
It works!
...
$ sudo aa-status | grep apache
$ sudo aa-unconfined | grep apache
It works fine with ipv6 disabled:
$ sudo netstat -atuvpn|grep apache
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2389/apache2
$ sudo aa-unconfined | grep apache
2389 /usr/lib/
| Changed in apparmor (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| Changed in apparmor (Ubuntu): | |
| status: | Confirmed → Triaged |
| tags: | added: aa-tools |
| Changed in apparmor: | |
| importance: | Undecided → Low |
| status: | New → Triaged |
Revision history for this message
| Ralf Spenneberg (ralq) wrote | #1 |
To post a comment you must log in.
This is still the fact on LTS 16.04. A patch was posted on
https:/
It would be great if this would be added to the apparmor-utils.