Hello,

On Thursday, 12 October 2017, 18:18:53 CEST, Vincas Dargis wrote:
> Could you clarify, why Ubuntu should have issues, if they had network
> mediation before?

It turned out that the added "network unix dgram/stream" rules are not 
really needed. Let me explain ;-)

In theory apparmor_parser should downgrade the "unix" rules in 
abstractions/base to "network unix" rules (when using kernel < 4.15), 
which allows more than "network unix dgram/stream".

In practice this rule downgrade was broken in apparmor_parser, and got 
fixed in AppArmor 2.11.1, 2.10.3 and 2.9.5.

So once you update apparmor_parser to one of these versions, profiles 
that include abstractions/base (which basically means all profiles) 
should no longer need the "network unix dgram/stream" rules.

This also explains why Ubuntu users didn't see this problem - their 
kernel has supported 'unix' rules for years, so the rule downgrade to 
'network unix' was not needed.


Note that the patch discussed in this bug report adds a few other rules - 
those will still be needed.


Regards,

Christian Boltz
-- 
> All cats purr at 28hz.
I think your cats need tuning - according to a couple of quick measure-
ments on a recently calibrated reference cat, the dominant frequency of
a correctly adjusted cat should be 12Hz +/-20%.          [Lionel Lauer]
