What is the state of AppArmor network rules in the latest kernel?
I decided to give AppArmor a try and while it works great at restricting file access, signals handling etc., it completely ignores any network rules. It doesn't complain about anything, but it also doesn't restrict network access.
According to Arch forum, network rules used to work in old kernels, but they were later disabled for some reason. They suggest to compile the kernel with some patches to re-enable the functionality.
Could anybody please give me more insight into the reasons AppArmor network rules were disabled? And since compiling a custom kernel is always a bit of an inconvenience (not impossible though, especially on NixOS), are there any plans to re-enable it? If I wait for a couple of months, is there a chance the rules will be supported by stock upstream kernel? Thanks!
As of today, the documentation contains parts for unreleased features. Therefore some network policies work (usually the simple ones like "allow all TCP"), some don't.