Fine-grained network mediation
Bug #796588 reported by
Lars Noodén
This bug affects 21 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
In Progress
|
High
|
Unassigned | ||
apparmor (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
linux (Ubuntu) |
Triaged
|
High
|
Unassigned |
Bug Description
Binary package hint: apparmor
This is a wishlist item / feature request.
Increase the granularity of network restrictions to allow specification of which ports or ranges of ports can or can't be used by an application. This functionality is available in systrace if either the example or code would be of help:
Changed in apparmor (Ubuntu): | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
summary: |
- Limit inet and inet6 access by source or destination port + Fine-grained network mediation |
Changed in apparmor (Ubuntu): | |
importance: | Medium → High |
Changed in apparmor (Ubuntu): | |
status: | Triaged → Confirmed |
Changed in apparmor: | |
importance: | Undecided → High |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | New → Triaged |
Changed in apparmor (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
tags: | added: aa-kernel |
Changed in apparmor: | |
status: | In Progress → Confirmed |
tags: | added: kernel-net |
Changed in apparmor: | |
status: | Confirmed → In Progress |
tags: | added: kernel-key |
tags: | added: cscc |
To post a comment you must log in.
Yes, this ability should be coming in Oneiric, and we will hopefully have some test kernels out soon.