[Apparmor-general] Network access not granular enough?
Peter Pauly
ppauly at gmail.com
Fri Feb 1 06:26:52 MST 2008
Network access seems to be an all-or-nothing affair. I want to be able
to control which network protocols and ports a process can use, for
example:

Apache - tcp/80 and tcp/443 only
sendmail - tcp/25 only

Also, a distinction should be made between opening a connection to
another system and opening up a socket for "listening". Firefox would
be able to connect to other ports, but could not be a server.
You get the idea.

Is this possible? Is this on the roadmap?