From 726c3fc129ed65eb31fc72dd3d593ca32b4cf6ad Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Wed, 14 Oct 2020 04:47:59 -0700
Subject: [PATCH] parser: Make sure apparmor can build on old kernels

With the backport of static caps to support caps from newer kernels in older build environments. Builds against older kernels broke because not all of the newer capabilities are defined in the kernel headers, nor in apparmor. In particular CAP_AUDIT_READ was added to the kernel in 3.16 and CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL, CAP_SETFCAP, CAP_MAC_OVERRIDE, CAP_MAC_ADMIN, CAP_SYSLOG, CAP_WAKE_ALARM, CAP_BLOCK_SUSPEND in 3.8 The apparmor kernel module was merge into the upstream kernel in 2.6.36. In order to support all upstream kernels with apparmor add the set of capabilities introduced since apparmor was merged upstream.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/655
Signed-off-by: John Johansen
Acked-by: Steve Beattie
---
 parser/parser_misc.c | 43 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index ad4ba8a71..09040096c 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -170,16 +170,53 @@ static int get_table_token(const char *name unused, struct keyword_table *table,
 return -1;
 }
 
+
+#ifndef CAP_AUDIT_WRITE
+#define CAP_AUDIT_WRITE 29
+#endif
+
+#ifndef CAP_AUDIT_CONTROL
+#define CAP_AUDIT_CONTROL 30
+#endif
+
+#ifndef CAP_SETFCAP
+#define CAP_SETFCAP 31
+#endif
+
+#ifndef CAP_MAC_OVERRIDE
+#define CAP_MAC_OVERRIDE 32
+#endif
+
+#ifndef CAP_MAC_ADMIN
+#define CAP_MAC_ADMIN 33
+#endif
+
+#ifndef CAP_SYSLOG
+#define CAP_SYSLOG 34
+#endif
+
+#ifndef CAP_WAKE_ALARM
+#define CAP_WAKE_ALARM 35
+#endif
+
+#ifndef CAP_BLOCK_SUSPEND
+#define CAP_BLOCK_SUSPEND 36
+#endif
+
+#ifndef CAP_AUDIT_READ
+#define CAP_AUDIT_READ 37
+#endif
+
 #ifndef CAP_PERFMON
-#define CAP_PERFMON 38
+#define CAP_PERFMON 38
 #endif
 
 #ifndef CAP_BPF
-#define CAP_BPF 39
+#define CAP_BPF 39
 #endif
 
 #ifndef CAP_CHECKPOINT_RESTORE
-#define CAP_CHECKPOINT_RESTORE 40
+#define CAP_CHECKPOINT_RESTORE 40
 #endif
 
 static struct keyword_table capability_table[] = {
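Review bot: The fallback `#define`s added ahead of `capability_table` hard-code kernel ABI capability numbers without a comment naming their source, and on old headers nothing cross-checks them, so a mistyped value would make a policy keyword silently map to a different capability bit. I would put a comment above the block such as `/* Fallbacks for capabilities missing from older kernel headers; values are kernel ABI and must match linux/capability.h. */`. The numbers shown (29 to 40) agree with the upstream header as far as I can tell. Code outside this hunk that bounds capability masks or loops by the header's `CAP_LAST_CAP` would still see the old limit on such hosts, which is worth confirming; the `capability_table` initializer itself continues past the hunk.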