Welcome to the Linux Foundation Forum!

[AppArmor] lab 41.2

After several attempts on Ubuntu 20.04 running at Aws (on fresh installs), the ping-x command is never blocked. But on OpenSuse running locally in a virtual machine, the beginning of the lab exercise rolls out as expected.
The first difference is that no network family is asked so the line

network inet raw,

in /etc/appamor.d/bin.ping-x doesn't appear.
Also, if I don't run sudo setcap cap_net_raw-ep /bin/ping-x, the command ping-x -c3 -6 ::1 isn't blocked.

Aws has free-tier Ubuntu, RedHat and SLE. But the former two seem to need a registered account, otherwise they're curbed. Isn't it?

Comments

  • coop
    coop Posts: 842

    we don't do any testing on the AWS platform and you are on your own. There is only a suggestion you can play with it, so have fun.

  • For both an Ubuntu 20.04.2.0 LTS and an Ubuntu Server 20.04.2 virtual boxes (fresh install from the official website), the same happens: the ping-x command runs even after installing the apparm* packages and rebooting

  • lee42x
    lee42x Posts: 351

    There are a couple of items:

    When we first create ping-x there is no apparmor file in the /etc/appamor.d/ directory.

    There is no ipv6 component in this part of the lab, please use only ipv4, one will notice the ip address 127.0.0.1 is used not "localhost" .

    In step 3 use "cap_net_raw+ep" please.

    Regards Lee

  • Understood, only ipv4. Thank you for the update

Categories

Upcoming Training