Hi, Heenec (2020-04-09): > intrigeri: >> FWIW, this is now mentioned in the manpage that documents the policy >> language: apparmor.d(5) > > Maybe I have not read the manual thoroughly enough, but I have not found > mentions of features that does not work in Debian yet.
On my sid system I see this on top of apparmor.d(5): NAME apparmor.d - syntax of security profiles for AppArmor. DESCRIPTION AppArmor profiles describe mandatory access rights granted to given programs and are fed to the AppArmor policy enforcement module using apparmor_parser(8). This man page describes the format of the AppArmor configuration files; see apparmor(7) for an overview of AppArmor. Some features are not supported on Debian yet: Network Rules DBus rules Unix socket rules > Maybe such notice should be placed in "Network Rules" section of the > manual? Or in "KNOWN BUGS"? So that newcomers will not be misguided > (like me). I would gladly review a MR against Vcs-Git that implements this :)