In 4.20 we landed some of the infrastructure to support this. Specifically secmark support was landed which provides the infrastructure needed for apparmor labels to interact with iptables and iptables to interact with apparmor.
This isn't something generally available for use yet as it infrastructure work necessary for full fine grained network mediation -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/796588 Title: Fine-grained network mediation Status in AppArmor: In Progress Status in apparmor package in Ubuntu: Triaged Status in linux package in Ubuntu: Triaged Bug description: Binary package hint: apparmor This is a wishlist item / feature request. Increase the granularity of network restrictions to allow specification of which ports or ranges of ports can or can't be used by an application. This functionality is available in systrace if either the example or code would be of help: http://en.wikipedia.org/wiki/Systrace http://www.systrace.org/ To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/796588/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
