Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Debian{11,12}: socket bind deny policy loads but doesn't enforce rules #35

Open
tomaszjonak opened this issue May 4, 2023 · 3 comments
Open

Debian{11,12}: socket bind deny policy loads but doesn't enforce rules #35

tomaszjonak opened this issue May 4, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@tomaszjonak
Copy link
Contributor

tomaszjonak commented May 4, 2023
edited
Loading

Debian 12 as a kvm based vm on ubuntu 22.04. Kernel 6.1.0-7-amd64.

Source code: demo_socket_listen
@tomaszjonak tomaszjonak added the bug Something isn't working label May 4, 2023
@tomaszjonak
Copy link
Contributor Author

Same thing happens on debian 11 and amazon linux 2.

@tomaszjonak tomaszjonak changed the title Debian12/Bookworm: socket bind deny policy loads but doesn't enforce rules Debian{11,12}: socket bind deny policy loads but doesn't enforce rules May 11, 2023
@tomaszjonak tomaszjonak mentioned this issue May 11, 2023
Merged
@tomaszjonak
Copy link
Contributor Author

tomaszjonak commented May 11, 2023
edited
Loading

Amazon linux 2 was affected by different issue. It's fixed by #38.

@tomaszjonak
Copy link
Contributor Author

Checked default settings gcp k8s cluster today. Same stuff. According to k8s node serial console it's
Linux version 5.15.89+ (builder@localhost) (Chromium OS 14.0_pre445002_p20220217-r3 clang version 14.0.0.
Didn't set up ssh access so couldn't confirm output from say uname -r.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tomaszjonak