Fine-grained network security for snaps is going to be fantastic, but it's also a rich area, and when networking policy stuff is done simplistically it becomes awkward more than useful.
I'd suggest that we start now working up detailed design on the topic, so that when we are ready to start implementing we have confidence that the policy language is appropriate. I'm happy to participate in a discussion on this in Salt Lake City at the next roadmap review, would suggest the security team representatives bring a Discourse draft that's had some review by the snapd team for discussion.

Mark

--
https://bugs.launchpad.net/bugs/796588

Title:
  Fine-grained network mediation

Status in AppArmor:
  In Progress
Status in apparmor package in Ubuntu:
  Triaged
Status in linux package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: apparmor

  This is a wishlist item / feature request.

  Increase the granularity of network restrictions to allow specification of which ports or ranges of ports can or can't be used by an application. This functionality is available in systrace if either the example or code would be of help:

  http://en.wikipedia.org/wiki/Systrace
  http://www.systrace.org/