apparmor/parser/tst/features_files/features.extended-perms-no-policydb

capability {0xffffff
}
caps {extended {yes
}
mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore
}
}
dbus {mask {acquire send receive
}
}
domain {attach_conditions {xattr {yes
}
}
change_hat {yes
}
change_hatv {yes
}
change_onexec {yes
}
change_profile {yes
}
computed_longest_left {yes
}
disconnected.path {yes
}
fix_binfmt_elf_mmap {yes
}
interruptible {yes
}
kill.signal {yes
}
post_nnp_subset {yes
}
stack {yes
}
unconfined_allowed_children {yes
}
version {1.2
}
}
policy {outofband {0x000001
}
permstable32 {allow deny subtree cond kill complain prompt audit quiet hide xindex tag label
}
permstable32_version {0x000003
}
set_load {yes
}
versions {v5 {yes
}
v6 {yes
}
v7 {yes
}
v8 {yes
}
v9 {yes
}
}
}
query {label {data {yes
}
multi_transaction {yes
}
perms {allow deny audit quiet
}
}
}
parser: minimization - remove unnecessary second minimization pass Moving apply_and_clear_deny() before the first minimization pass, which was necessary to propperly support building accept information for older none extended permission dfas, allows us to also get rid of doing a second minimization pass if we want to force clearing explicit deny info from extended permission tables. Signed-off-by: John Johansen <john.johansen@canonical.com> 2024-05-10 03:06:22 -07:00			`capability {0xffffff`
			`}`
			`caps {extended {yes`
			`}`
			`mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore`
			`}`
			`}`
			`dbus {mask {acquire send receive`
			`}`
			`}`
			`domain {attach_conditions {xattr {yes`
			`}`
			`}`
			`change_hat {yes`
			`}`
			`change_hatv {yes`
			`}`
			`change_onexec {yes`
			`}`
			`change_profile {yes`
			`}`
			`computed_longest_left {yes`
			`}`
			`disconnected.path {yes`
			`}`
			`fix_binfmt_elf_mmap {yes`
			`}`
			`interruptible {yes`
			`}`
			`kill.signal {yes`
			`}`
			`post_nnp_subset {yes`
			`}`
			`stack {yes`
			`}`
			`unconfined_allowed_children {yes`
			`}`
			`version {1.2`
			`}`
			`}`
			`policy {outofband {0x000001`
			`}`
			`permstable32 {allow deny subtree cond kill complain prompt audit quiet hide xindex tag label`
			`}`
			`permstable32_version {0x000003`
			`}`
			`set_load {yes`
			`}`
			`versions {v5 {yes`
			`}`
			`v6 {yes`
			`}`
			`v7 {yes`
			`}`
			`v8 {yes`
			`}`
			`v9 {yes`
			`}`
			`}`
			`}`
			`query {label {data {yes`
			`}`
			`multi_transaction {yes`
			`}`
			`perms {allow deny audit quiet`
			`}`
			`}`
			`}`