On 02/15/2018 07:21 AM, Viacheslav Salnikov wrote:
> OK, let me be more specific:
>
> does AppArmor complain about communication through the unix domain sockets
> into dmesg?
>
yes
> All I've got - AppArmor can restrict access to named unix socket as a file -
> because it is a file - without u
Hi Slava,
On Thu, Feb 15, 2018 at 05:21:43PM +0200, Viacheslav Salnikov wrote:
> does AppArmor complain about communication through the unix domain
> sockets into dmesg?
AppArmor's kernel mediation uses the audit facility, which on most systems
does go through dmesg, but with lossy rate-limiting
OK, let me be more specific:
does AppArmor complain about communication through the unix domain sockets
into dmesg?
All I've got - AppArmor can restrict access to named unix socket as a file
- because it is a file - without using "deny unix". Actually, deny unix
does not work for me with named so