apparmor/common
Tyler Hicks 9b2aa90b06 parser: Allow AF_UNSPEC family in network rules
https://launchpad.net/bugs/1546455

Don't filter out AF_UNSPEC from the list of valid protocol families so
that the parser will accept rules such as 'network unspec,'.

There are certain syscalls, such as socket(2), where the LSM hooks are
called before the protocol family is validated. In these cases, AppArmor
was emitting denials even though socket(2) will eventually fail. There
may be cases where AF_UNSPEC sockets are accepted and we need to make
sure that we're mediating those appropriately.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Suggested-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
[cboltz: Add 'unspec' to the network domain keywords of the utils]
2016-02-18 12:35:35 -06:00
apparmor.css Subject: Move make targets from docs/ to common/Make.rules 2007-04-03 18:51:56 +00:00
Make-po.rules binutils: Add aa-enabled program to check AppArmor status 2015-12-16 18:35:09 -06:00
Make.rules parser: Allow AF_UNSPEC family in network rules 2016-02-18 12:35:35 -06:00
Version Update version in preparation for a 2.11 release 2015-11-18 01:34:50 -08:00