On Mon, Apr 19, 2021 at 11:16:11PM +0530, Murali Selvaraj wrote:
> As per our design, we are applying certain capabilities to all my profiles.
> 
> -> created custom include files as follows #include "relative_path"
>    
> @{default_caps}=chown,dac_override,dac_read_search,fowner,fsetid,kill,ipc_lock,sys_nice,setpcap,ipc_owner,sys_ptrace,sys_chroot
> 
> -> Adding this header file in the required apparmor profiles.
>    #include "relative_path"
>    capability @{default_caps},
> 
> -> While parsing the apparmor profiles into the kernel, observing the errors below.
>    syntax error, unexpected TOK_EQUALS, expecting TOK_MODE

The set variables in AppArmor aren't a generic text replacement tool,
they're specialized for managing the combinatorial explosion of different
distributions putting 'the same' files in different locations, managing
typical unix usernames in directory structures, etc.

You could get something very similar by making a new abstraction file just
for your capabilities:

path/to/whatever/abstractions/default_service_capabilities:
capability chown dac_override dac_read_search fowner fsetid kill ipc_lock 
sys_nice setpcap ipc_owner sys_ptrace sys_chroot,

And then in your profiles:

#include "path/to/whatever/abstractions/default_service_capabilities"


I hope this helps.

Thanks
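The arrangement described in the reply, written out as a shared abstraction file plus one profile that includes it. This is an added example, not part of the original message; the file paths, the profile name and the service binary are assumptions, and the abstraction is placed under /etc/apparmor.d/abstractions/ so the angle-bracket include form resolves against the parser's base directory.

```apparmor
# /etc/apparmor.d/abstractions/default_service_capabilities   (assumed path)
# The capability rule takes a plain list; it may span lines until the comma.
# Set variables (@{...}) are not substituted here, which is why a
# "capability @{default_caps}," rule fails to parse.
  capability chown dac_override dac_read_search fowner fsetid kill ipc_lock
             sys_nice setpcap ipc_owner sys_ptrace sys_chroot,

# /etc/apparmor.d/usr.sbin.example-service   (assumed profile; placeholder binary)
#include <tunables/global>

/usr/sbin/example-service {
  #include <abstractions/base>
  # Shared default capability set, pulled in instead of repeated per profile.
  #include <abstractions/default_service_capabilities>

  # Anything one service needs beyond the default set stays in its own profile.
  capability net_bind_service,

  # Set variables belong in path rules, where per-distribution and per-user
  # locations differ; @{HOME} comes from tunables/global.
  /etc/example-service/** r,
  owner @{HOME}/.example-service/ rw,
  owner @{HOME}/.example-service/** rwk,

  /usr/sbin/example-service mr,
}
```

Running `apparmor_parser -QT /etc/apparmor.d/usr.sbin.example-service` checks the syntax of the profile and its includes without loading anything into the kernel.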
