touch-packages team mailing list archive

Thread
Date

[Bug 1169568] Re: aa-unconfined does not always display unconfined processes with dual-stack

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Thu, 09 Oct 2014 20:47:45 -0000
Reply-to: Bug 1169568 <1169568@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Tags added: aa-tools

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1169568

Title:
  aa-unconfined does not always display unconfined processes with dual-
  stack

Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  In performing install audits for 13.04, I noticed that aa-unconfined
  did not list apache. Apache by default listens on both IPv4 and IPv6
  in Ubuntu 13.04, but only lists in netstat tcp6. Eg:

  $ sudo netstat -atuvpn|grep apache
  tcp6       0      0 :::80                   :::*                    LISTEN      1746/apache2
  $ w3m -dump http://192.168.122.242
  It works!
  ...
  $ sudo aa-status | grep apache
  $ sudo aa-unconfined | grep apache

  It works fine with ipv6 disabled:
  $ sudo netstat -atuvpn|grep apache
  tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2389/apache2
  $ sudo aa-unconfined | grep apache
  2389 /usr/lib/apache2/mpm-prefork/apache2 (/usr/sbin/apache2) not confined

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1169568/+subscriptions