[apparmor] Regarding header file for default capabilities

swarna latha sswarnas at gmail.com
Wed Apr 21 13:41:23 UTC 2021


Hi,

We are working on enforcing a profile for a process. This process uses a
library to run the process in non-root mode, which in turn needs a set of
capabilities.

When creating a profile, we want these capabilities to be kept separate and
want this to be included. When we tried to add the capability in a
separate file as capability chown, in "common_caps" and included that in our
main profile, we are getting the error "unexpected TOK_capabiltiy, expecting $end".

We are not able to use variables in capability, as it seems we can use
variables only in FILE RULE and not in CAPABILITY rule.

As this library is not an executable, we are also not able to define a
child/sub profile.

Can someone throw light on how to implement a set of default
capabilities to be added in all profiles (preferably in a header file)?

Thanks,
Swarna