[opensuse] apparmor and bin.ping from factory
Hi,

so by default, the yast control panel apparmor/"Profile Mode Configuration" shows:

bin.ping enforce
sbin.klogd enforce
etc.

With bin.ping being enabled, one cannot use the ping utility anymore, neither as normal user nor as root. According to strace,

socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = -1 EACCES (Permission denied)

already fails. Is this really intended?

Jan
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
+++ Jan Engelhardt [10/08/07 20:23 +0200]:
> Hi,
> so by default, the yast control panel apparmor/"Profile Mode Configuration" shows:
> bin.ping enforce
> sbin.klogd enforce
> etc.
> With bin.ping being enabled, one cannot use the ping utility anymore, neither as normal user nor as root. According to strace,
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = -1 EACCES (Permission denied)
> already fails. Is this really intended?
> Jan

This is incomplete policy for ping - you can correct by running aa-logprof from the command line. Thanks for the report. Will update the policy for the next release.

-dom
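The Python below shows the log-to-rule mapping that a tool like aa-logprof automates: it reads AppArmor DENIED events and derives the profile rules they call for. It is an added example, not part of the thread and not aa-logprof's code; the log lines are constructed and assume the key=value audit format of current kernels, which the thread does not show.

```python
import re

# Constructed sample lines in the key=value style current kernels use for
# AppArmor audit messages (an assumption; the thread itself shows no log lines).
SAMPLE_LOG = """\
audit: type=1400 audit(1186770211.101:41): apparmor="DENIED" operation="create" profile="/bin/ping" pid=4312 comm="ping" family="inet" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create"
audit: type=1400 audit(1186770211.102:42): apparmor="DENIED" operation="capable" profile="/bin/ping" pid=4312 comm="ping" capability=13 capname="net_raw"
audit: type=1400 audit(1186770215.440:43): apparmor="DENIED" operation="create" profile="/bin/ping" pid=4320 comm="ping" family="inet" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create"
audit: type=1400 audit(1186770300.007:44): apparmor="ALLOWED" operation="open" profile="/sbin/klogd" name="/proc/kmsg" pid=901 comm="klogd" requested_mask="r" denied_mask="r"
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
TOKEN = re.compile(r"[a-z0-9_]+")  # only plain tokens may end up in a rule


def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict of strings."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def suggest_rules(log_text):
    """Map each confined profile to the rules its DENIED events call for."""
    rules = {}
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or "profile" not in f:
            continue  # only enforced denials matter here
        if f.get("operation") == "capable" and "capname" in f:
            parts = ["capability", f["capname"]]
        elif "family" in f and "sock_type" in f:
            parts = ["network", f["family"], f["sock_type"]]
        else:
            continue  # file and other denial types are out of scope
        if all(TOKEN.fullmatch(p) for p in parts):
            rules.setdefault(f["profile"], set()).add(" ".join(parts) + ",")
    return rules


if __name__ == "__main__":
    for profile, wanted in suggest_rules(SAMPLE_LOG).items():
        print(profile)
        for rule in sorted(wanted):
            print("  " + rule)
```

Each suggested rule should be reviewed before it goes into the profile, so that the profile still grants only what ping actually needs.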
On Fri, Aug 10, 2007 at 12:49:31PM -0600, Dominic Reynolds wrote:
> +++ Jan Engelhardt [10/08/07 20:23 +0200]:
> > Hi,
> > so by default, the yast control panel apparmor/"Profile Mode Configuration" shows:
> > bin.ping enforce
> > sbin.klogd enforce
> > etc.
> > With bin.ping being enabled, one cannot use the ping utility anymore, neither as normal user nor as root. According to strace,
> > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = -1 EACCES (Permission denied)
> > already fails. Is this really intended?
> > Jan
> This is incomplete policy for ping - you can correct by running aa-logprof from the command line. Thanks for the report. Will update the policy for the next release.

It should be OK in Beta1, at least it is for me.

Ciao, Marcus
On Aug 10 2007 22:15, Marcus Meissner wrote:
> > This is incomplete policy for ping - you can correct by running aa-logprof from the command line. Thanks for the report. Will update the policy for the next release.
> It should be OK in Beta1, at least it is for me.

apparmor-utils-2.0.2-28
apparmor-parser-2.0.2-39
apparmor-profiles-2.0.2-35
apparmor-docs-2.0.2-39
here...

Jan
On Fri, Aug 10, 2007 at 10:32:07PM +0200, Jan Engelhardt wrote:
> On Aug 10 2007 22:15, Marcus Meissner wrote:
> > > This is incomplete policy for ping - you can correct by running aa-logprof from the command line. Thanks for the report. Will update the policy for the next release.
> > It should be OK in Beta1, at least it is for me.
> apparmor-utils-2.0.2-28
> apparmor-parser-2.0.2-39
> apparmor-profiles-2.0.2-35

apparmor-profiles-2.0.2-38 here. So perhaps I got some factory updates too somehow.

Ciao, Marcus
participants (3)
- Dominic Reynolds
- Jan Engelhardt
- Marcus Meissner