mxk

I like to remind everyone using that deny rules are dangerous.
Especially if you are dealing with interfaces with no/limited ways of communicating errors, for example when you want to pass a TCP-Socket over a Unix-socket and the receiving process runs under a "deny network inet stream" rule (Ubuntu Extended AppArmor).

@mxk Yes, true. And most users are not aware that deny rules are also honored in complain mode. The problem is that deny rules are not logged by default. But fortunately this can be changed:

man.archlinux.org/man/extra/ap

man.archlinux.org: apparmor(7) — Arch manual pages
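An added example, not from either poster: a small linter that lists the `deny` rules in an AppArmor profile that lack the `audit` qualifier (and therefore deny without leaving a log entry), and rewrites them as `audit deny`. The sample profile is constructed, and the parser assumes one rule per line.

```python
import re

# Constructed sample profile (not from the thread). It includes the
# "deny network inet stream" rule mentioned in the first post.
SAMPLE_PROFILE = """\
profile receiver /usr/bin/receiver flags=(complain) {
  # a comment that mentions deny must be ignored
  /etc/receiver.conf r,
  deny network inet stream,
  audit deny /etc/shadow r,
  deny @{HOME}/.ssh/** rw,   # quiet by default
  unix (receive) type=stream,
}
"""

# Qualifiers precede the rule body: [priority=N] [audit] [allow|deny]
# Assumption: each rule sits on a single line ending in a comma.
RULE_RE = re.compile(
    r"^\s*(?:priority\s*=\s*-?\d+\s+)?(?P<audit>audit\s+)?deny\s+"
    r"(?P<body>[^#]*?),\s*(?:#.*)?$"
)


def silent_deny_rules(profile_text):
    """Return (line_number, rule_body) for deny rules without 'audit'."""
    findings = []
    for lineno, line in enumerate(profile_text.splitlines(), start=1):
        m = RULE_RE.match(line)
        if m and not m.group("audit"):
            findings.append((lineno, m.group("body").strip()))
    return findings


def with_audit(profile_text):
    """Rewrite silent deny rules as 'audit deny' so denials are logged."""
    out = []
    for line in profile_text.splitlines():
        m = RULE_RE.match(line)
        if m and not m.group("audit"):
            # The first 'deny' on a matched line is the rule qualifier.
            line = re.sub(r"\bdeny\b", "audit deny", line, count=1)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, body in silent_deny_rules(SAMPLE_PROFILE):
        print(f"line {lineno}: silent deny -> {body}")
```
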