[apparmor] [patch 4/6] add missing capabilities to severity.db
John Johansen
john.johansen at canonical.com
Thu Mar 22 22:13:53 UTC 2012
On 03/22/2012 03:08 PM, Christian Boltz wrote:
> Hello,
>
> On Thursday, 22 March 2012, Steve Beattie wrote:
>> CAP_WAKE_ALARM 8
>
yep
> This one is missing in apparmor.vim.
> I assume it translates to
> capability wake_alarm,
> in the profiles, therefore I propose the following patch:
>
> === modified file 'utils/vim/create-apparmor.vim.sh'
> --- utils/vim/create-apparmor.vim.sh 2011-08-21 21:49:25 +0000
> +++ utils/vim/create-apparmor.vim.sh 2012-03-22 22:04:14 +0000
> @@ -1,7 +1,7 @@
> #!/bin/bash
>
> # not-too-dangerous capabilities
> -sdKapKey="chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config syslog mknod lease"
> +sdKapKey="chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config syslog mknod lease wake_alarm"
>
> # dangerous capabilities
> sdKapKeyDanger="audit_control audit_write mac_override mac_admin set_fcap sys_admin sys_module sys_rawio"
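Review bot: The `+` line appends wake_alarm to sdKapKey, the list under "# not-too-dangerous capabilities", but nothing in the script says what separates that list from sdKapKeyDanger, so the classification cannot be checked against the severity of 8 quoted above for CAP_WAKE_ALARM. A short comment above the two lists stating the criterion (for example, which severity.db ratings belong in each) would make this addition and later ones reviewable. The single long assignment also forces the whole line to change for one added keyword; splitting the list across continued lines would keep future diffs to the capability actually added.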
>
>
> Regards,
>
> Christian Boltz
looks good
Acked-by: John Johansen <john.johansen at canonical.com>