Confused about network rules #984
Replies: 1 comment 1 reply
-
|
These are unix rules. You always have local unix socket connection established across various services in most (all) UI app. Thus, you need to narrow your deny rules a bit.
|
Beta Was this translation helpful? Give feedback.
-
|
oh I see, that makes sense. deny network inet dgram, Would that be the appropriate work around? thanks |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I want to add deny network,
to okular and libreoffice but upon doing so it crashes the app and it will not work anymore. Both of the profiles used are from this project, only change I made was a local override of deny network,
I assumed they did not need internet
unless it is local sockets maybe?
I added audit deny network, to both to see what is denied and okular shows:
DENIED okular create info="failed af match" comm=okular family=unix sock_type=stream protocol=0 requested_mask=create denied_mask=create error=-13 addr=none
DENIED okular create info="failed af match" comm=okular family=unix sock_type=dgram protocol=0 requested_mask=create denied_mask=create addr=none error=-13
DENIED okular create info="failed af match" comm=QDBusConnection family=unix sock_type=stream protocol=0 requested_mask=create denied_mask=create error=-13 addr=none
libreoffice shows:
DENIED libreoffice create info="failed af match" comm=oosplash family=unix sock_type=stream protocol=0 requested_mask=create denied_mask=create addr=none error=-13
DENIED libreoffice create info="failed af match" comm=osl_executeProc family=unix sock_type=stream protocol=0 requested_mask=create denied_mask=create addr=none error=-13
I am somewhat confused by what exactly is being denied here, would appreciate some help,
thanks
Beta Was this translation helpful? Give feedback.
All reactions