What is the state of AppArmor network rules in the latest kernel?

linux-kernel apparmor

I decided to give AppArmor a try and while it works great at restricting file access, signals handling etc., it completely ignores any network rules. It doesn't complain about anything, but it also doesn't restrict network access.

According to Arch forum, network rules used to work in old kernels, but they were later disabled for some reason. They suggest to compile the kernel with some patches to re-enable the functionality.

Could anybody please give me more insight into the reasons AppArmor network rules were disabled? And since compiling a custom kernel is always a bit of an inconvenience (not impossible though, especially on NixOS), are there any plans to re-enable it? If I wait for a couple of months, is there a chance the rules will be supported by stock upstream kernel? Thanks!


As of today, the documentation contains parts for unreleased features. Therefore some network policies work (usually the simple ones like "allow all TCP"), some don't.

Related

How to renew VMware certificate in Veeam
docker node ls is showing only master node in Azure
mount nfs as another folder on home
What is the meaning of the values of the Protocols field from Get-TlsCipherSuite Output?
Ratelimit IPs for UDP traffic in ipset list before being sent over GRE tunnel
Dovecot not listening on any port
Users cleaning in debian
Postfix double relay configuration
RAID drive - Mechanical Positioning Error
Why are braid numbers of the form $Q_h^2$ or $2 \times Q_h^2$?
H0w have group theory and fractal geometry been combined?
Every Tychonoff space is an image of a Moscow space under a continuous open mapping.