mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 23:35:37 +00:00
Code Issues Releases Wiki Activity

create-apparmor.vim.sh:

Browse Source 
- move cap_sys_module and cap_sys_rawio to "dangerous" capabilities
- sorted sdKapKeyDanger

Proposed by Seth Arnold,
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
This commit is contained in:
Christian Boltz
2011-04-09 18:47:42 +02:00
parent 00f32d555d
commit d799edbcc6
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
utils/vim/create-apparmor.vim.sh
View File

@@ -1,10 +1,10 @@
#!/bin/bash #!/bin/bash
# not-too-dangerous capabilities # not-too-dangerous capabilities
sdKapKey="chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease" sdKapKey="chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease"
# dangerous capabilities # dangerous capabilities
sdKapKeyDanger="sys_admin audit_control audit_write set_fcap mac_override mac_admin" sdKapKeyDanger="audit_control audit_write mac_override mac_admin set_fcap sys_admin sys_module sys_rawio"
sdNetworkProto="inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth" sdNetworkProto="inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth"