[Bug 588185] New: AppArmor: network rule
http://bugzilla.novell.com/show_bug.cgi?id=588185
http://bugzilla.novell.com/show_bug.cgi?id=588185#c0

Summary: AppArmor: network rule
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: x86
OS/Version: openSUSE 11.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: AppArmor
AssignedTo: jeffm@novell.com
ReportedBy: matwey.kornilov@gmail.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.1.8) Gecko/20100204 SUSE/3.5.8-0.1.1 Firefox/3.5.8

I suppose that there is a bug in AppArmor 2.3.1 (bundled with openSUSE 11.2). The 'network' rule is described in the man page and the openSUSE Security Guide for 11.2, but it doesn't work for me at all. Network connections aren't blocked and there aren't 'socket_create' messages in my /var/log/audit.log.

I created threads in the forums and some users confirmed the AppArmor behavior:
http://forums.opensuse.org/applications/434684-apparmor-network-rule.html
http://forums.novell.com/novell-product-support-forums/apparmor/404069-appar...

Reproducible: Always

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=588185#c1

Jeff Mahoney <jeffm@novell.com> changed:

What              |Removed                     |Added
----------------------------------------------------------------------------
Status            |NEW                         |ASSIGNED

--- Comment #1 from Jeff Mahoney <jeffm@novell.com> 2010-03-15 15:34:59 UTC ---
This is a documentation error. The kernel doesn't call security hooks for anything other than inet or inet6 and apparmor-parser denies these keywords accordingly. AppArmor itself _could_ support them, but since the hooks aren't called, it doesn't have the opportunity to do so.

I'll update the manpage for factory.

http://bugzilla.novell.com/show_bug.cgi?id=588185#c2

--- Comment #2 from Jeff Mahoney <jeffm@novell.com> 2010-03-15 15:59:52 UTC ---
Scratch that. There was a build issue with apparmor-parser that caused it to miss the domain definitions. It's a bug. Thanks for the report.

http://bugzilla.novell.com/show_bug.cgi?id=588185#c3

Jeff Mahoney <jeffm@novell.com> changed:

What              |Removed                     |Added
----------------------------------------------------------------------------
Status            |ASSIGNED                    |NEEDINFO
CC                |                            |aj@novell.com, ast@novell.com
Info Provider     |                            |ast@novell.com

--- Comment #3 from Jeff Mahoney <jeffm@novell.com> 2010-03-15 19:37:32 UTC ---
I've committed the fix for this to security:apparmor:factory, openSUSE 11.2, and SLE11 SP1.

Anja, I have three fixes queued up for apparmor-parser. SR 34867

http://bugzilla.novell.com/show_bug.cgi?id=588185#c5

Swamp Workflow Management <swamp@suse.com> changed:

What              |Removed                     |Added
----------------------------------------------------------------------------
Status Whiteboard |                            |maint:running:32010

--- Comment #5 from Swamp Workflow Management <swamp@suse.com> 2010-03-18 18:10:50 UTC ---
The SWAMPID for this issue is 32010.
Please submit the patch and patchinfo file using this ID.
(https://swamp.suse.de/webswamp/wf/32010)

http://bugzilla.novell.com/show_bug.cgi?id=588185#c6

Swamp Workflow Management <swamp@suse.com> changed:

What              |Removed                     |Added
----------------------------------------------------------------------------
Status Whiteboard |maint:running:32010         |maint:running:32010
                  |                            |maint:released:11.2:32215

--- Comment #6 from Swamp Workflow Management <swamp@suse.com> 2010-04-06 11:53:47 UTC ---
Update released for: apparmor-parser, apparmor-parser-debuginfo, apparmor-parser-debugsource, apparmor-utils
Products: openSUSE 11.2 (debug, i586, x86_64)

http://bugzilla.novell.com/show_bug.cgi?id=588185#c

Swamp Workflow Management <swamp@suse.com> changed:

What              |Removed                     |Added
----------------------------------------------------------------------------
Status Whiteboard |maint:running:32010         |.
                  |maint:released:11.2:32215   |

https://bugzilla.novell.com/show_bug.cgi?id=588185#c7

Jeff Mahoney <jeffm@novell.com> changed:

What              |Removed                     |Added
----------------------------------------------------------------------------
Status            |ASSIGNED                    |RESOLVED
Resolution        |                            |FIXED

--- Comment #7 from Jeff Mahoney <jeffm@novell.com> 2010-12-01 14:29:35 UTC ---
Closing as FIXED.

http://bugzilla.novell.com/show_bug.cgi?id=588185#c8

--- Comment #8 from Bernhard Wiedemann <bwiedemann@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (588185) was mentioned in
https://build.opensuse.org/request/show/34867 11.2:Test / apparmor-parser