[apparmor] [patch] apparmor.vim: move cap_sys_module and cap_sys_rawio to "dangerous" capabilities

Steve Beattie steve at nxnw.org
Sat Apr 9 16:37:06 UTC 2011


On Sat, Apr 09, 2011 at 06:26:56PM +0200, Christian Boltz wrote:
> as proposed by Seth today, here's a patch for create-apparmor.vim.sh:
> 
> - move cap_sys_module and cap_sys_rawio to "dangerous" capabilities
> - sorted sdKapKeyDanger

Yep, agreed that those should be marked as dangerous.

Acked-By: Steve Beattie <sbeattie at ubuntu.com>

Thanks!

> === modified file 'utils/vim/create-apparmor.vim.sh'
> --- utils/vim/create-apparmor.vim.sh	2011-04-05 21:56:14 +0000
> +++ utils/vim/create-apparmor.vim.sh	2011-04-09 16:20:35 +0000
> @@ -1,10 +1,10 @@
>  #!/bin/bash
>  
>  # not-too-dangerous capabilities
> -sdKapKey="chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease"
> +sdKapKey="chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease"
>  
>  # dangerous capabilities
> -sdKapKeyDanger="sys_admin audit_control audit_write set_fcap mac_override mac_admin"
> +sdKapKeyDanger="audit_control audit_write mac_override mac_admin set_fcap sys_admin sys_module sys_rawio"
>  
>  sdNetworkProto="inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth"
>  
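Review bot: the new `sdKapKeyDanger=` line mixes the alphabetical reorder with the addition of sys_module and sys_rawio, so the functional change cannot be read off the diff without comparing the two lists word by word; splitting the sort into a separate commit would keep the move reviewable on its own. The `# dangerous capabilities` comment also states no criterion for membership. A short rationale there would make it easier to judge the entries that stay in sdKapKey, which is itself left unsorted.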


-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/