[apparmor] [PATCH 07/13] Make expressing all capabilities easier
Christian Boltz
apparmor at cboltz.de
Fri Feb 24 16:46:39 UTC 2012
Hello,
Am Freitag, 24. Februar 2012 schrieb John Johansen:
> On 02/15/2012 03:01 AM, Christian Boltz wrote:
> > Am Dienstag, 14. Februar 2012 schrieb John Johansen:
> >> Allow the capability rule to be bare to represent all
> >> capabilities
> >> similar to how network, and other rule types work.
> >>
> >> capability,
> >
> > I hope not too many people use this ;-) but nevertheless here's
> > the
> > patch to update apparmor.vim to support it. Using just
> > "capability" will be marked in the "dangerous capability" color.
> >
> > Additionally, the patch removes the (already commented out) code
> > for "set capability".
>
> can you commit this, I have tried a couple of times with the attached
> patch and patch just fails complaining of a malformed patch
I'm not surprised about the complaints ;-) because I already commited it
to trunk (r1937). (Did you run "make" to generate an up-to-date
apparmor.vim from the *.in?)
The 2.7 branch doesn't need the patch because 2.7 doesn't support
capability,
("capability $whatever" is already supported in 2.7's apparmor.vim)
Regards,
Christian Boltz
--
"Praktische Erfahrung ist viel Wert. Nur mal davon gehört zu haben, daß
etwas nicht funktioniert, ist eine Sache - den GNOME Dateidialog selbst
benutzt haben zu müssen, eine ganz andere." -- Steffen Winterfeldt
More information about the AppArmor
mailing list