Changes between Initial Version and Version 1 of Ticket #14270, comment 5


Ignore:
Timestamp:
Jan 22, 2015, 11:44:56 AM (5 years ago)
Author:
intrigeri
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #14270, comment 5

    initial v1  
    22> The current idea is to use the SocksSocket option + confinement (e.g. done by AppAmor).
    33
    4 Note that socket mediation with AppArmor is currently only available with out-of-tree kernel patches, that are only applied in Ubuntu (and perhaps OpenSUSE and/or hardened Gentoo) AFAIK. FTR, the Canonical guy who is working on having these patches in mainline Linux is John Johansen <john.johansen@canonical.com>.
     4Note that network mediation with AppArmor (http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Network_rules) is currently only available with out-of-tree kernel patches, that are only applied in Ubuntu (and perhaps OpenSUSE and/or hardened Gentoo) AFAIK. FTR, the Canonical guy who is working on having these patches in mainline Linux is John Johansen <john.johansen@canonical.com>.