← Back to team overview

touch-packages team mailing list archive

[Bug 1169568] Re: aa-unconfined does not always display unconfined processes with dual-stack

 

** Also affects: apparmor
   Importance: Undecided
       Status: New

** Changed in: apparmor
   Importance: Undecided => Low

** Changed in: apparmor
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1169568

Title:
  aa-unconfined does not always display unconfined processes with dual-
  stack

Status in AppArmor Linux application security framework:
  Triaged
Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  In performing install audits for 13.04, I noticed that aa-unconfined
  did not list apache. Apache by default listens on both IPv4 and IPv6
  in Ubuntu 13.04, but only lists in netstat tcp6. Eg:

  $ sudo netstat -atuvpn|grep apache
  tcp6       0      0 :::80                   :::*                    LISTEN      1746/apache2
  $ w3m -dump http://192.168.122.242
  It works!
  ...
  $ sudo aa-status | grep apache
  $ sudo aa-unconfined | grep apache

  It works fine with ipv6 disabled:
  $ sudo netstat -atuvpn|grep apache
  tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2389/apache2
  $ sudo aa-unconfined | grep apache
  2389 /usr/lib/apache2/mpm-prefork/apache2 (/usr/sbin/apache2) not confined

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1169568/+subscriptions