diff --git a/utils/aa-unconfined b/utils/aa-unconfined
index a23a8d668..c834bcd20 100755
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -30,7 +30,7 @@ _ = init_translation() # setup module translations
 parser = argparse.ArgumentParser(description=_("Lists unconfined processes having tcp or udp ports"))
 parser.add_argument("--paranoid", action="store_true", help=_("scan all processes"))
-parser.add_argument("--show", default=None, type=str, help=_("all | server | client"))
+parser.add_argument("--show", default=None, type=str, help=_("all | network | server | client"))
 parser.add_argument('--configdir', type=str, help=argparse.SUPPRESS)
 bin_group = parser.add_mutually_exclusive_group()
 bin_group.add_argument("--with-ss", action='store_true', help=_("use ss(8) to find listening processes (default)"))
@@ -45,7 +45,7 @@ if args.paranoid:
 raise AppArmorException(_("Arguments --paranoid and --show=%s conflict") % args.show)
 show = 'all'
 if args.show is not None:
- if not args.show or args.show not in ['all', 'server', 'client']:
+ if not args.show or args.show not in ['all', 'network', 'server', 'client']:
 raise AppArmorException(_("Argument --show invalid value '%s'") % args.show)
 show = args.show
@@ -60,6 +60,8 @@ def map_show_to_flags(show):
 flags = '-nlp'
 if show == 'client':
 flags = '-np'
+ elif show == 'network':
+ flags = '-nap'
 return flags
diff --git a/utils/aa-unconfined.pod b/utils/aa-unconfined.pod
index cb1c635ee..fd111488a 100644
--- a/utils/aa-unconfined.pod
+++ b/utils/aa-unconfined.pod
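Review bot: In the second hunk of utils/aa-unconfined (the `--show` validation), the accepted values are now spelled out in three separate places: the help string in the first hunk, this membership list, and the branches of `map_show_to_flags` in the third hunk. A value added to one and missed in another would be accepted or rejected inconsistently with what the tool actually scans. A single module-level constant such as `SHOW_CHOICES = ('all', 'network', 'server', 'client')`, used as `if args.show not in SHOW_CHOICES:`, would keep them together. The `not args.show or` test could be dropped at the same time, since an empty string is already outside the list.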
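Review bot: In the third hunk of utils/aa-unconfined, `map_show_to_flags` keeps `-nlp` as the fall-through, so any value other than `client` or `network` is silently narrowed to listening sockets; for a tool whose output is read as the list of unconfined network-facing processes, a silent narrowing means under-reporting. The flag strings are also unexplained in the visible lines, and a comment such as `# -l: listening sockets only; -a: listening and non-listening; neither: non-listening only` above the branches would make the new `network` case self-explanatory. An explicit `elif show == 'server':` with a final `else:` that raises `AppArmorException` would be stricter, but whether `all` ever reaches this function is not visible here and would need checking first. The `def` line sits above the hunk, so an existing docstring cannot be ruled out.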
@@ -39,12 +39,14 @@ Displays all processes visible from F filesystem, and whether they are confined by a profile or "not confined". Equivalent to I<--show=all>. -=item B<--show=(all|server|client)> +=item B<--show=(all|network|server|client)> Determines the set of processes to be displayed. I<--show=all> show all processes is equivalent to I<--paranoid> +I<--show=network> show only process with any sockets open. + I<--show=server> show only processes with listening sockets open. This is the B value if I<--show=> or I<--paranoid> are not specified.