Hi,

We are working on enforcing a profile for a process. This process uses a library to run the process in non-root mode, which in turn needs a set of capabilities.

When creating a profile, we want these capabilities to be kept separate and want them to be included. When we tried to add the capability in a separate file, as capability chown in "common_caps", and included that in our main profile, we got the error "unexpected TOK_capabiltiy, expecting $end". We are not able to use variables in a capability rule, as it seems we can use variables only in a FILE RULE and not in a CAPABILITY rule. As this library is not an executable, we are not able to define a child/sub profile either.

Can someone throw light on how to implement a set of default capabilities to be added in all profiles (preferably in a header file)?

Thanks,
Swarna
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
