http://bugzilla.opensuse.org/show_bug.cgi?id=1061195
http://bugzilla.opensuse.org/show_bug.cgi?id=1061195#c4
--- Comment #4 from Christian Boltz ---
I updated to Kernel:HEAD today, and had an interesting evening in #apparmor ;-)
Regarding the now upstreamed network patch, let me just quote John:
    <jjohansen> cboltz: ah yes, the upstreamed version fixes a couple
    holes in the old patch suse carried
One of these "holes" was unix events, which explains the denials you noticed
(and that I also see now after installing 4.14rc2).
The final solution will be to add some "unix" rules - but that's hard at the
moment because 4.14 doesn't log all details needed for unix rules.
Instead, I'll add a temporary patch for abstractions/nameservice that adds
    network unix dgram,
    network unix stream,
(including a TODO note to replace it as soon as support for unix rules has been
upstreamed, probably 4.15). These rules are broader than needed, but should
avoid user-visible breakage - and at least with 4.14, unix rules would get
downgraded to network unix anyway ;-)
Do you have any ETA when 4.14 will enter Tumbleweed?
I want to have the updated abstractions/nameservice in place before 4.14 enters
Tumbleweed, otherwise *lots of* things will break. To give you an impression
what "lots of" means - I had to adjust 40 profiles on my laptop ;-)