mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00

Fixes for BZ 179656, 233768. Add new capabilities rating to severity.db,

localization fixes in SubDomain.pm and Reports.pm.
Dominic Reynolds 2007-03-12 14:12:40 +00:00
parent 7b391f3d5c
commit 8fb0f8f3d1
3 changed files with 480 additions and 508 deletions


@ -31,12 +31,11 @@ package Immunix::Reports;
################################################################################
use strict;
use Immunix::Ycp; # debug
use DBI;
use DBD::SQLite;
use POSIX;
use Locale::gettext;
use POSIX;
use ycp;
setlocale(LC_MESSAGES, "");
textdomain("Reports");
@ -263,7 +262,7 @@ sub checkEventDb {
};
if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
return;
}
@ -371,13 +370,13 @@ sub getNumPages {
};
if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
return;
}
$dbh->disconnect();
#Immunix::Ycp::y2milestone("Numpages Query: $query"); # debug
#ycp::y2milestone("Numpages Query: $query"); # debug
$numPages = pageRound($count/$numEvents);
if ( $numPages < 1 ) { $numPages = 1; }
@ -397,11 +396,11 @@ sub getNumPages {
close REP;
} else {
Immunix::Ycp::y2error(sprintf(gettext("Couldn't open file: %s."), $eventRep));
ycp::y2error(sprintf(gettext("Couldn't open file: %s."), $eventRep));
}
} else {
Immunix::Ycp::y2error(gettext("No type value passed. Unable to determine page count."));
ycp::y2error(gettext("No type value passed. Unable to determine page count."));
return("1");
}
@ -471,7 +470,7 @@ sub updateFiles {
if ( unlink("$oldFile") ) {
if ( ! rename ("$newFile", "$oldFile") ) {
if ( ! system('/bin/mv', "$newFile","$oldFile") ) {
Immunix::Ycp::y2error(sprintf(gettext("Failed copying %s."), $oldFile));
ycp::y2error(sprintf(gettext("Failed copying %s."), $oldFile));
return 1;
}
}
@ -584,7 +583,7 @@ sub exportLog {
close LOG;
} else {
Immunix::Ycp::y2error(sprintf(gettext("Export Log Error: Couldn't open %s"), $exportLog));
ycp::y2error(sprintf(gettext("Export Log Error: Couldn't open %s"), $exportLog));
}
# return($error);
}
@ -608,13 +607,13 @@ sub getXmlReport {
}
if ( ! $repName ) {
Immunix::Ycp::y2error(gettext("Fatal error. No report name given. Exiting."));
ycp::y2error(gettext("Fatal error. No report name given. Exiting."));
}
if ( ! $repConf || ! -e $repConf ) {
$repConf = '/etc/apparmor/reports.conf';
if ( ! -e $repConf ) {
Immunix::Ycp::y2error(sprintf(gettext("Unable to get configuration info for %s.
ycp::y2error(sprintf(gettext("Unable to get configuration info for %s.
Unable to find %s."), $repName, $repConf));
exit 1;
}
@ -655,7 +654,7 @@ sub getXmlReport {
if ($1) {
$rep{"$1"}= $2 unless $2 eq '-';
} else {
Immunix::Ycp::y2error(sprintf(gettext("Failed to parse: %s."), $_));
ycp::y2error(sprintf(gettext("Failed to parse: %s."), $_));
}
}
}
@ -664,7 +663,7 @@ sub getXmlReport {
close XML;
} else {
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s."), $repConf));
ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s."), $repConf));
exit 1;
}
@ -713,7 +712,7 @@ sub getCfInfo {
} else {
my $error = sprintf(gettext("Fatal Error. Can't run %s. Exiting."), $cfApp);
Immunix::Ycp::y2error($error);
ycp::y2error($error);
return $error;
}
@ -753,7 +752,7 @@ sub getEssStats {
}
if ( ! -e $targetDir ) {
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. No directory, %s, found. Exiting."), $targetDir));
ycp::y2error(sprintf(gettext("Fatal Error. No directory, %s, found. Exiting."), $targetDir));
return;
}
@ -772,7 +771,7 @@ sub getEssStats {
close TDIR;
} else {
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s. Exiting"), $targetDir));
ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s. Exiting"), $targetDir));
return;
}
@ -800,7 +799,7 @@ sub getEssStats {
};
if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
return;
}
@ -813,7 +812,7 @@ sub getEssStats {
};
if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
return;
}
@ -823,7 +822,7 @@ sub getEssStats {
};
if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
ycp::y2error(sprintf(gettext("DBI Execution failed: %s"), $DBI::errstr));
return;
}
@ -1487,7 +1486,7 @@ sub getEvents {
};
if ( $@ ) {
Immunix::Ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
return;
}
@ -1593,7 +1592,7 @@ sub getArchReport {
close REP;
} else {
Immunix::Ycp::y2error(sprintf(gettext("Fatal Error. getArchReport() couldn't open %s"), $eventRep));
ycp::y2error(sprintf(gettext("Fatal Error. getArchReport() couldn't open %s"), $eventRep));
return("Couldn't open $eventRep");
}
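Review bot: In the updateFiles hunk the fallback test `if ( ! system('/bin/mv', "$newFile","$oldFile") )` is inverted: system() returns 0 when mv succeeds, so "Failed copying" is logged and 1 is returned on success, while a failed mv falls through silently. The commit only swaps the logger on the line below it; the condition should be `if ( system('/bin/mv', $newFile, $oldFile) != 0 ) {`. Because $oldFile has already been unlinked at that point, a silent failure leaves no report file in place. updateFiles starts and ends outside the hunk, so how callers treat its return value is not visible here.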


@ -21,14 +21,13 @@
package Immunix::SubDomain;
use warnings;
use strict;
use warnings;
use Carp;
use Cwd qw(cwd realpath);
use File::Basename;
use Data::Dumper;
use File::Basename;
use Locale::gettext;
use POSIX;
@ -36,14 +35,62 @@ use Immunix::Severity;
require Exporter;
our @ISA = qw(Exporter);
our @EXPORT = qw(%sd $filename $profiledir $parser %qualifiers %include %helpers $UI_Mode which getprofilefilename getprofileflags setprofileflags complain enforce autodep reload UI_GetString UI_GetFile UI_YesNo UI_Important UI_Info getkey do_logprof_pass readconfig loadincludes check_for_subdomain UI_PromptUser $running_under_genprof GetDataFromYast SendDataToYast setup_yast shutdown_yast readprofile readprofiles writeprofile get_full_path fatal_error checkProfileSyntax checkIncludeSyntax);
our @EXPORT = qw(
%sd
$filename
$profiledir
$parser
%qualifiers
%include
%helpers
$UI_Mode
$running_under_genprof
no warnings 'all';
which
get_full_path
getprofilefilename
getprofileflags
setprofileflags
complain
enforce
autodep
reload
UI_GetFile
UI_GetString
UI_Important
UI_Info
UI_PromptUser
UI_YesNo
getkey
do_logprof_pass
readconfig
loadincludes
readprofile
readprofiles
writeprofile
check_for_subdomain
fatal_error
setup_yast
shutdown_yast
GetDataFromYast
SendDataToYast
checkProfileSyntax
checkIncludeSyntax
);
our $confdir = "/etc/apparmor";
our $running_under_genprof = 0;
our $finishing = 0;
our $DEBUGGING;
@ -110,6 +157,8 @@ my %seen;
my %profilechanges;
my %prelog;
my %log;
my @log;
my %pid;
my %changed;
my %skip;
our %helpers; # we want to preserve this one between passes
@ -237,11 +286,9 @@ sub setup_yast {
if ($ENV{YAST_IS_RUNNING}) {
# load the yast module if available.
eval { require Immunix::Ycp; };
eval { require ycp; };
unless ($@) {
import Immunix::Ycp;
no warnings 'all';
import ycp;
$UI_Mode = "yast";
@ -671,7 +718,7 @@ sub UI_Info ($) {
if ($UI_Mode eq "text") {
print "$text\n";
} else {
Immunix::Ycp::y2milestone($text);
ycp::y2milestone($text);
}
}
@ -701,9 +748,10 @@ sub UI_YesNo ($$) {
my $no = gettext("(N)o");
# figure out our localized hotkeys
$yes =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$yes'";
my $usrmsg = "PromptUser: " . gettext("Invalid hotkey for");
$yes =~ /\((\S)\)/ or fatal_error "$usrmsg '$yes'";
my $yeskey = lc($1);
$no =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$no'";
$no =~ /\((\S)\)/ or fatal_error "$usrmsg '$no'";
my $nokey = lc($1);
print "\n$text\n";
@ -740,12 +788,14 @@ sub UI_YesNoCancel ($$) {
my $no = gettext("(N)o");
my $cancel = gettext("(C)ancel");
my $usrmsg = "PromptUser: " . gettext("Invalid hotkey for");
# figure out our localized hotkeys
$yes =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$yes'";
$yes =~ /\((\S)\)/ or fatal_error "$usrmsg '$yes'";
my $yeskey = lc($1);
$no =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$no'";
$no =~ /\((\S)\)/ or fatal_error "$usrmsg '$no'";
my $nokey = lc($1);
$cancel =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey for '$cancel'";
$cancel =~ /\((\S)\)/ or fatal_error "$usrmsg '$cancel'";
my $cancelkey = lc($1);
$ans = "XXXINVALIDXXX";
@ -877,6 +927,14 @@ sub UI_PromptUser ($) {
$arg = $yarg->{selected};
}
if ($cmd eq "CMD_ABORT") {
confirm_and_abort();
$cmd = "XXXINVALIDXXX";
} elsif ($cmd eq "CMD_FINISHED") {
confirm_and_finish();
$cmd = "XXXINVALIDXXX";
}
return ($cmd, $arg);
}
@ -894,7 +952,7 @@ sub SendDataToYast {
while (<STDIN>) {
$DEBUGGING && debug "SendDataToYast: YCP: $_";
my ($ycommand, $ypath, $yargument) = Immunix::Ycp::ParseCommand ($_);
my ($ycommand, $ypath, $yargument) = ycp::ParseCommand($_);
if ($ycommand && $ycommand eq "Read") {
@ -903,7 +961,7 @@ sub SendDataToYast {
debug "SendDataToYast: Sending--\n$debugmsg";
}
Immunix::Ycp::Return($data);
ycp::Return($data);
return 1;
} else {
@ -926,7 +984,7 @@ sub GetDataFromYast {
while (<STDIN>) {
$DEBUGGING && debug "GetDataFromYast: YCP: $_";
my ($ycmd, $ypath, $yarg) = Immunix::Ycp::ParseCommand ($_);
my ($ycmd, $ypath, $yarg) = ycp::ParseCommand($_);
if ($DEBUGGING) {
my $debugmsg = Data::Dumper->Dump([$yarg], [qw(*data)]);
@ -935,7 +993,7 @@ sub GetDataFromYast {
if ($ycmd && $ycmd eq "Write") {
Immunix::Ycp::Return("true");
ycp::Return("true");
return ($ypath, $yarg);
} else {
@ -947,6 +1005,26 @@ sub GetDataFromYast {
fatal_error "GetDataFromYast: didn't receive YCP command before connection died";
}
sub confirm_and_abort {
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
if ($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
}
sub confirm_and_finish {
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if ($ans eq "y") {
UI_Info(gettext("Saving all changes."));
# need to wrap any calls to ui functions with eval { } blocks in order
# to catch this exception
die "FINISHING\n";
}
}
##########################################################################
# this is the hideously ugly function that descends down the flow/event
# trees that we've generated by parsing the logfile
@ -1013,9 +1091,7 @@ sub handlechildren {
$q->{functions} = [ ];
push @{$q->{functions}}, "CMD_ADDHAT";
push @{$q->{functions}}, "CMD_USEDEFAULT" if $defaulthat;
push @{$q->{functions}}, "CMD_DENY";
push @{$q->{functions}}, "CMD_ABORT";
push @{$q->{functions}}, "CMD_FINISHED";
push @{$q->{functions}}, "CMD_DENY", "CMD_ABORT", "CMD_FINISHED";
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ADDHAT" : "CMD_DENY";
@ -1037,21 +1113,6 @@ sub handlechildren {
$hat = $defaulthat;
} elsif ($ans eq "CMD_DENY") {
return;
} elsif($ans eq "CMD_ABORT") {
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
} elsif($ans eq "CMD_FINISHED") {
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
}
}
} elsif ($type eq "capability") {
@ -1208,9 +1269,7 @@ sub handlechildren {
push @{$q->{functions}}, "CMD_INHERIT" if $options =~ /i/;
push @{$q->{functions}}, "CMD_PROFILE" if $options =~ /p/;
push @{$q->{functions}}, "CMD_UNCONFINED" if $options =~ /u/;
push @{$q->{functions}}, "CMD_DENY";
push @{$q->{functions}}, "CMD_ABORT";
push @{$q->{functions}}, "CMD_FINISHED";
push @{$q->{functions}}, "CMD_DENY", "CMD_ABORT", "CMD_FINISHED";
$q->{default} = $default;
@ -1222,24 +1281,7 @@ sub handlechildren {
while ($ans !~ m/^CMD_(INHERIT|PROFILE|PROFILE_CLEAN|UNCONFINED|UNCONFINED_CLEAN|DENY)$/) {
($ans, $arg) = UI_PromptUser($q);
# check for Abort or Finish
if($ans eq "CMD_ABORT") {
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
$DEBUGGING && debug "back from abort yesno";
if($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
} elsif($ans eq "CMD_FINISHED") {
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
}
} elsif($ans eq "CMD_PROFILE") {
if ($ans eq "CMD_PROFILE") {
my $px_default = "n";
my $px_mesg = gettext("Should AppArmor sanitize the environment when\nswitching profiles?\n\nSanitizing the environment is more secure,\nbut some applications depend on the presence\nof LD_PRELOAD or LD_LIBRARY_PATH.");
if ($parent_uses_ld_xxx) {
@ -1340,33 +1382,6 @@ sub handlechildren {
}
}
sub do_logprof_pass {
my $logmark = shift || "";
# zero out the state variables for this pass...
%t = ( );
%transitions = ( );
%seen = ( );
%sd = ( );
%profilechanges = ( );
%prelog = ( );
%log = ( );
%changed = ( );
%skip = ( );
%variables = ( );
UI_Info(sprintf(gettext('Reading log entries from %s.'), $filename));
UI_Info(sprintf(gettext('Updating AppArmor profiles in %s.'), $profiledir));
readprofiles();
my $seenmark = $logmark ? 0 : 1;
$sevdb = new Immunix::Severity("$confdir/severity.db", gettext("unknown"));
my @log;
my %pid;
sub add_to_tree ($@) {
my ($pid, $type, @event) = @_;
@ -1379,6 +1394,11 @@ sub do_logprof_pass {
push @{$pid{$pid}}, [ $type, $pid, @event ];
}
sub read_log {
my $logmark = shift;
my $seenmark = $logmark ? 0 : 1;
my $stuffed = undef;
my $last;
# okay, done loading the previous profiles, get on to the good stuff...
@ -1573,17 +1593,9 @@ sub do_logprof_pass {
}
}
close(LOG);
for my $root (@log) {
handlechildren(undef, undef, $root);
}
for my $pid (sort { $a <=> $b } keys %profilechanges) {
setprocess($pid, $profilechanges{$pid});
}
collapselog();
sub ask_the_questions {
my $found;
# do the magic foo-foo
@ -1628,7 +1640,9 @@ sub do_logprof_pass {
push @{$q->{headers}}, gettext("Capability"), $capability;
push @{$q->{headers}}, gettext("Severity"), $severity;
$q->{functions} = [ "CMD_ALLOW", "CMD_DENY", "CMD_ABORT", "CMD_FINISHED" ];
$q->{functions} = [
"CMD_ALLOW", "CMD_DENY", "CMD_ABORT", "CMD_FINISHED"
];
# complain-mode events default to allow - enforce defaults to deny
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY";
@ -1651,39 +1665,9 @@ sub do_logprof_pass {
UI_Info(sprintf(gettext('Adding capability %s to profile.'), $capability));
} elsif ($ans eq "CMD_DENY") {
UI_Info(sprintf(gettext('Denying capability %s to profile.'), $capability));
} elsif($ans eq "CMD_ABORT") {
# if we're in yast, they've already been asked for confirmation
if($UI_Mode eq "yast") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
} else {
redo;
}
} elsif($ans eq "CMD_FINISHED") {
# if we're in yast, they've already been asked for confirmation
if($UI_Mode eq "yast") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
}
my $ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
} else {
redo;
}
}
}
# and then step through all of the path entries...
@ -1847,7 +1831,10 @@ sub do_logprof_pass {
$q->{options} = [ @options ];
$q->{selected} = $defaultoption - 1;
$q->{functions} = [ "CMD_ALLOW", "CMD_DENY", "CMD_GLOB", "CMD_GLOBEXT", "CMD_NEW", "CMD_ABORT", "CMD_FINISHED" ];
$q->{functions} = [
"CMD_ALLOW", "CMD_DENY", "CMD_GLOB", "CMD_GLOBEXT", "CMD_NEW",
"CMD_ABORT", "CMD_FINISHED"
];
$q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY";
@ -1964,21 +1951,6 @@ sub do_logprof_pass {
}
} elsif ($ans =~ /\d/) {
$defaultoption = $ans;
} elsif($ans eq "CMD_ABORT") {
$ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Abandoning all changes."));
shutdown_yast();
exit 0;
}
} elsif($ans eq "CMD_FINISHED") {
$ans = UI_YesNo(gettext("Are you sure you want to save the current set of profile changes and exit?"), "n");
if($ans eq "y") {
UI_Info(gettext("Saving all changes."));
$finishing = 1;
# XXX - BUGBUG - this is REALLY nasty, but i'm in a hurry...
goto SAVE_PROFILES;
}
}
}
}
@ -2231,7 +2203,7 @@ sub readprofile ($$) {
# deal with whitespace in profile and hat names.
$profile = $1 if $profile =~ /^"(.+)"$/;
$hat = $1 if $hat =~ /^"(.+)"$/;
$hat = $1 if $hat && $hat =~ /^"(.+)"$/;
# if we run into old-style hat declarations mark the profile as
# changed so we'll write it out as new-style
@ -2984,19 +2956,22 @@ sub Text_PromptUser ($) {
my @menu_items;
for my $cmd (@functions) {
# make sure we know about this particular command
fatal_error "PromptUser: Unknown command $cmd" unless $CMDS{$cmd};
my $cmdmsg = "PromptUser: " . gettext("Unknown command") . " $cmd";
fatal_error $cmdmsg unless $CMDS{$cmd};
# grab the localized text to use for the menu for this command
my $menutext = gettext($CMDS{$cmd});
# figure out what the hotkey for this menu item is
$menutext =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey in '$menutext'";
my $menumsg = "PromptUser: " . gettext("Invalid hotkey in") . " '$menutext'";
$menutext =~ /\((\S)\)/ or fatal_error $menumsg;
# we want case insensitive comparisons so we'll force things to lowercase
my $key = lc($1);
# check if we're already using this hotkey for this prompt
fatal_error "PromptUser: Duplicate hotkey for $cmd: $menutext" if $keys{$key};
my $hotkeymsg = "PromptUser: " . gettext("Duplicate hotkey for") . " $cmd: $menutext";
fatal_error $hotkeymsg if $keys{$key};
# keep track of which command they're picking if they hit this hotkey
$keys{$key} = $cmd;
@ -3014,12 +2989,14 @@ sub Text_PromptUser ($) {
my $defaulttext = gettext($CMDS{$default});
# figure out what the hotkey for this menu item is
$defaulttext =~ /\((\S)\)/ or fatal_error "PromptUser: Invalid hotkey in default item '$defaulttext'";
my $defmsg = "PromptUser: " . gettext("Invalid hotkey in default item") . " '$defaulttext'";
$defaulttext =~ /\((\S)\)/ or fatal_error $defmsg;
# we want case insensitive comparisons so we'll force things to lowercase
$default_key = lc($1);
fatal_error "PromptUser: Invalid default $default" unless $keys{$default_key};
my $defkeymsg = "PromptUser: " . gettext("Invalid default") . " $default";
fatal_error $defkeymsg;
}
my $widest = 0;
@ -3111,17 +3088,11 @@ sub Text_PromptUser ($) {
# pull our command back from our hotkey map
$ans = $keys{$ans} if $keys{$ans};
# if($options) {
# die "ERROR: not looking for array when options passed" unless wantarray;
if ($options) {
return ($ans, $options->[$selected]);
} else {
return ($ans, $selected);
}
# } else {
# die "ERROR: looking for list when options not passed" if wantarray;
# return $ans;
# }
}
unless (-x $ldd) {
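Review bot: In the second Text_PromptUser hunk the new `fatal_error $defkeymsg;` has lost the `unless $keys{$default_key}` guard that the replaced line carried, so as rendered every prompt that supplies a default would abort, not only those whose default hotkey is unknown. It should read `fatal_error $defkeymsg unless $keys{$default_key};`. The other rewritten checks in this function kept their conditions (`unless $CMDS{$cmd}`, `if $keys{$key}`), which suggests the omission is accidental. Text_PromptUser begins and ends outside the hunk.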


@ -40,6 +40,8 @@
CAP_IPC_LOCK 8
CAP_SYS_TTY_CONFIG 8
CAP_DAC_READ_SEARCH 7
CAP_AUDIT_CONTROL 8
CAP_AUDIT_WRITE 8
# unused
CAP_NET_BROADCAST 0
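Review bot: The two new entries, `CAP_AUDIT_CONTROL 8` and `CAP_AUDIT_WRITE 8`, share a rating although the first lets a process change or disable audit rules while the second only emits audit records. If the equal rating is intended, a comment would make it reviewable, for example `# audit: CONTROL can reconfigure or disable auditing, WRITE only emits records` above them. They also sit after the 7-rated `CAP_DAC_READ_SEARCH`, which breaks the descending order of the visible lines, though whether that order is a convention of the file cannot be told from this hunk.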