mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

let a profile set a tasks caps, similar to fscaps

Browse Source
This commit is contained in:
John Johansen
2008-04-06 18:55:27 +00:00
parent 13e04a9f02
commit 34f2c96700
6 changed files with 48 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
parser/parser_interface.c
View File

@@ -561,13 +561,15 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
return 0;
if (!sd_write_structend(p))
return 0;
allowed_caps = profile->capabilities & ~profile->deny_caps;
allowed_caps = (profile->capabilities | profile->set_caps) & ~profile->deny_caps;
if (!sd_write32(p, allowed_caps))
return 0;
if (!sd_write32(p, allowed_caps & profile->audit_caps))
return 0;
if (!sd_write32(p, profile->deny_caps & profile->quiet_caps))
return 0;
if (!sd_write32(p, profile->set_caps & ~profile->deny_caps))
return 0;
if (profile->network_allowed) {
int i;