[apparmor] [patch] small fix for capability series

Steve Beattie steve at nxnw.org
Thu Mar 22 21:38:26 UTC 2012 

On Thu, Mar 22, 2012 at 04:37:22PM -0500, Jamie Strandboge wrote:
> On Thu, 2012-03-22 at 14:33 -0700, Steve Beattie wrote:
> > When creating the prior abstraction patches, I mistakenly converted
> > /usr/include/linux/capability.h to <sys/capability.h>. This patch
> > corrects the issue.
> > 
> > === modified file 'common/Make.rules'
> > --- common/Make.rules	2012-03-22 20:19:27 +0000
> > +++ common/Make.rules	2012-03-22 21:29:40 +0000
> > @@ -157,7 +157,7 @@
> >  # =====================
> >  
> >  # emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
> > -CAPABILITIES=$(shell echo "\#include <sys/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
> > +CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
> >  
> >  .PHONY: list_capabilities
> >  list_capabilities: /usr/include/linux/capability.h
> > 
> 
> NAK. Isn't this needed in addition?

Yes, correct. Acked-By: Steve Beattie <sbeattie at ubuntu.com>

> Index: apparmor-2.7.102/common/Make.rules
> ===================================================================
> --- apparmor-2.7.102.orig/common/Make.rules	2012-03-22 16:34:20.000000000 -0500
> +++ apparmor-2.7.102/common/Make.rules	2012-03-22 16:36:29.000000000 -0500
> @@ -152,12 +152,12 @@
>  
>  # =====================
>  # generate list of capabilities based on
> -# /usr/include/sys/capabilities.h for use in multiple locations in
> +# /usr/include/linux/capabilities.h for use in multiple locations in
>  # the source tree
>  # =====================
>  
>  # emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
> -CAPABILITIES=$(shell echo "\#include <sys/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
> +CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
>  
>  .PHONY: list_capabilities
>  list_capabilities: /usr/include/linux/capability.h
> Index: apparmor-2.7.102/utils/Makefile
> ===================================================================
> --- apparmor-2.7.102.orig/utils/Makefile	2012-03-22 16:34:20.000000000 -0500
> +++ apparmor-2.7.102/utils/Makefile	2012-03-22 16:36:38.000000000 -0500
> @@ -74,7 +74,7 @@
>  # ${CAPABILITIES} is defined in common/Make.rules
>  .PHONY: check_severity_db
>  .SILENT: check_severity_db
> -check_severity_db: /usr/include/sys/capability.h severity.db
> +check_severity_db: /usr/include/linux/capability.h severity.db
>  	# The sed statement is based on the one in the parser's makefile
>  	RC=0 ; for cap in ${CAPABILITIES} ; do \
>  	    if !  grep -q -w $${cap} severity.db ; then \


-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120322/4f0736a8/attachment.pgp>

More information about the AppArmor mailing list