Bug#807369: apparmor: Apparmor "deny network" not working in Jessie

2016-06-29 Thread Simon Ruderich
On Mon, Jun 27, 2016 at 11:15:26PM +0100, Simon McVittie wrote:
> On Thu, 11 Feb 2016 at 17:03:22 +0100, Simon Ruderich wrote:
>> Without network mediation local UNIX access is a big
>> problem (DBUS).
>
> [snip]
>
> Normal filesystem-backed Unix sockets are mediated by ordinary file-based
> AppArm

Bug#807369: apparmor: Apparmor "deny network" not working in Jessie

2016-06-27 Thread Simon McVittie
On Thu, 11 Feb 2016 at 17:03:22 +0100, Simon Ruderich wrote:
> Without network mediation local UNIX access is a big
> problem (DBUS).

That's because D-Bus has traditionally used the Linux-specific "abstract" Unix sockets for the session bus on Linux, to avoid issues where the socket persists long

Bug#807369: apparmor: Apparmor "deny network" not working in Jessie

2016-02-12 Thread intrigeri
Control: retitle -1 Document which AppArmor features are not support in Debian

Hi,

apparently users are confused by upstream documentation (that assumes all out-of-tree kernel patches are applied), or by the documentation we ship (that also advertises features we can't support with a kernel as cl

Bug#807369: apparmor: Apparmor "deny network" not working in Jessie

2016-02-11 Thread Simon Ruderich
Package: apparmor
Version: 2.10-3
Followup-For: Bug #807369
Control: severity important

Hello,

I just stumbled over this bug when I tried to restrict my local SSH setup. Without network mediation local UNIX access is a big problem (DBUS). I'd really like to get this working in Debian, but in the

Bug#807369: apparmor: Apparmor "deny network" not working in Jessie

2015-12-08 Thread intrigeri
Hi,

Adam Jvok wrote (08 Dec 2015 06:49:23 GMT) :
> Does this imply that 'deny network' isn't going to work in any future debian
> unless someone has published a patch before the kernel is built
> (Or, unless this functionality goes in the kernel proper, eliminating the
> need for
> a patch.)?

Th

Bug#807369: apparmor: Apparmor "deny network" not working in Jessie

2015-12-07 Thread Adam Jvok
Thanks for your confirmation. Does this imply that 'deny network' isn't going to work in any future debian unless someone has published a patch before the kernel is built (Or, unless this functionality goes in the kernel proper, eliminating the need for a patch.)? Are there any plans to rectif

Bug#807369: apparmor: Apparmor "deny network" not working in Jessie

2015-12-07 Thread intrigeri
Hi,

Adam Jvok wrote (08 Dec 2015 01:14:22 GMT) :
> The patches for other versions contain 'basic-networking-rules.patch'.
> I am suspicious that the lack of such a patch might be the root of the
> problem.

Right.

Cheers,
--
intrigeri

Bug#807369: apparmor: Apparmor "deny network" not working in Jessie

2015-12-07 Thread Adam Jvok
Subject: apparmor: Apparmor "deny network" not working in Jessie
Package: apparmor
Version: 2.9.0-3
Severity: normal

Dear Maintainer,

I would like to prevent a program being able to access the network by using apparmor. I've used apparmor successfully in the past for non-network stuff but am hav