[apparmor] Apparmor: Query on adding many capabilities in the custom header file
John Johansen
john.johansen at canonical.com
Thu Apr 22 05:21:00 UTC 2021
On 4/20/21 10:01 AM, Murali Selvaraj wrote:
> Hi All,
>
> As per our design, we are applying certain capabilities to all my profiles.
>
> -> created custom include files as follows in #include "relative_path"
> @{default_caps}=chown,dac_override,dac_read_search,fowner,fsetid,kill,ipc_lock,sys_nice,setpcap,ipc_owner,sys_ptrace,sys_chroot
>
> -> Adding this header file in the required apparmor profiles.
> #include "relative_path"
> capability @{default_caps},
>
> -> While parsing the apparmor profiles into Kernel, observing below errors.
> syntax error, unexpected TOK_EQUALS, expecting TOK_MODE
>
> Can someone help me to clarify the above queries.
>
At this time variable assignment cannot be done in the profile body. It can only appear in the profile header. You need to rework your profile to do

    include "relative_path"
    profile example {
        capability @{default_caps},
    }
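One way to catch this before loading profiles, as an added example that is not part of the original message or of the AppArmor project's code: a small pre-check that follows quoted includes and reports any variable assignment that ends up inside a profile body. It assumes quoted includes resolve relative to the including file and uses brace counting as a simplification of the parser's grammar; the file names `caps`, `bad` and `good` are constructed samples.

```python
import re
import tempfile
from pathlib import Path

ASSIGN = re.compile(r"^\s*@\{\w+\}\s*\+?=")        # @{var}= or @{var}+=
INCLUDE = re.compile(r'^\s*#?include\s+"([^"]+)"')  # quoted includes only

def scan(path, depth=0, findings=None, stack=()):
    """Walk a profile, following quoted includes, and record every variable
    assignment reached while inside a profile body (brace depth > 0).
    Returns (depth_after_file, findings)."""
    findings = [] if findings is None else findings
    path = Path(path)
    if path in stack:                     # include cycle: stop descending
        return depth, findings
    for lineno, line in enumerate(path.read_text().splitlines(), 1):
        inc = INCLUDE.match(line)
        if inc:
            # Assumption: relative paths resolve against the including file.
            target = path.parent / inc.group(1)
            depth, _ = scan(target, depth, findings, stack + (path,))
            continue
        if line.lstrip().startswith("#"):  # plain comment
            continue
        if depth > 0 and ASSIGN.match(line):
            findings.append((path.name, lineno))
        # @{var} and {a,b} alternations are balanced on one line, so the
        # net count only moves on profile/block open and close.
        depth += line.count("{") - line.count("}")
    return depth, findings

def demo():
    """Constructed sample: the same variable file included inside the
    profile body (bad) and before the profile (good)."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "caps").write_text("@{default_caps}=chown,dac_override,kill\n")
        (d / "bad").write_text(
            'profile example {\n  #include "caps"\n'
            "  capability @{default_caps},\n}\n")
        (d / "good").write_text(
            'include "caps"\nprofile example {\n'
            "  capability @{default_caps},\n}\n")
        return scan(d / "bad")[1], scan(d / "good")[1]

if __name__ == "__main__":
    print(demo())
```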