Re: [apparmor] Apparmor: Query on adding many capabilities in the custom header file

Sat, 24 Apr 2021 13:48:58 -0700 

Hello,

Am Samstag, 24. April 2021, 15:46:22 CEST schrieb Murali Selvaraj:
> Can you please guide me to resolve the above query on the header file
> with enabling many capabilities in the header file?

a) /nvram2/apparmor_boot/caps/common

    capability chown dac_override dac_read_search fowner fsetid kill ipc_lock 
sys_nice setpcap pc_owner sys_ptrace sys_chroot,

or (same meaning, but more readable)

    capability chown,
    capability dac_override,
    capability dac_read_search,
    capability fowner,
    capability fsetid,
    capability kill,
    capability ipc_lock,
    capability sys_nice,
    capability setpcap,
    capability pc_owner,
    capability sys_ptrace,
    capability sys_chroot,


b) /nvram2/apparmor_boot/usr.bin.test

    profile test /usr/bin/test flags=(attach_disconnected) {
        #include "/nvram2/apparmor_boot/caps/common"
        capability setuid,
        capability setgid,

        /sys/devices/system/cpu/online r,
        [... all your other rules ...]
    }

Note that you need to move the include inside the profile.


Regards,

Christian Boltz
-- 
>In Yast2-System-Editor /etc/sysconfig-Dateien in
>System-Kernel-MODULES_LOADED_ON_BOOT ide-scsi eintragen.
*JAUUUUUUUULLLLL* *ARRRGGHHHH*
Man reiche mir eine Klinik-Jahrespackung von $SCHMERZMITTEL!!!
[> Heinz Dittmar und David Haller in suse-linux]

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to