[AppArmor] lab 41.2

thomas.bucaioni

After several attempts on Ubuntu 20.04 running at Aws (on fresh installs), the ping-x command is never blocked. But on OpenSuse running locally in a virtual machine, the beginning of the lab exercise rolls out as expected.
The first difference is that no network family is asked so the line

network inet raw,

in /etc/appamor.d/bin.ping-x doesn't appear.
Also, if I don't run sudo setcap cap_net_raw-ep /bin/ping-x, the command ping-x -c3 -6 ::1 isn't blocked.

Aws has free-tier Ubuntu, RedHat and SLE. But the former two seem to need a registered account, otherwise they're curbed. Isn't it?

coop

we don't do any testing on the AWS platform and you are on your own. There is only a suggestion you can play with it, so have fun.

thomas.bucaioni

For both an Ubuntu 20.04.2.0 LTS and an Ubuntu Server 20.04.2 virtual boxes (fresh install from the official website), the same happens: the ping-x command runs even after installing the apparm* packages and rebooting

lee42x

There are a couple of items:

When we first create ping-x there is no apparmor file in the /etc/appamor.d/ directory.

There is no ipv6 component in this part of the lab, please use only ipv4, one will notice the ip address 127.0.0.1 is used not "localhost" .

In step 3 use "cap_net_raw+ep" please.

Regards Lee

thomas.bucaioni

Understood, only ipv4. Thank you for the update