[Apparmor-general] Network access not granular enough?
John Johansen
jjohansen at suse.de
Fri Feb 1 09:54:06 MST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Peter Pauly wrote:
> Network access seems to be an all-or-nothing affair. I want to be able
> to control which network protocols and ports a process can use, for
> example:
>
> Apache - tcp/80 and tcp/443 only
> sendmail - tcp/25 only
>
> Also a distinction should be made between opening a connection to
> another system and opening up a socket for "listening". Firefox would
> be able to connect to other ports, but could not be a server.
>
> you get the idea.
>
> Is this possible? Is this on the roadmap?
Sorry it isn't possible yet. It is on the road map and it will
hopefully happen soon.
cheers
john
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFHo048i/GH5xuqKCcRAvVyAKCkNmdaqjx8i9XVDfA2HpFe+x6t2ACfflkq
tVynWAicPdQVsbwoN94BI6E=
=2AIk
-----END PGP SIGNATURE-----
More information about the Apparmor-general
mailing list