capabilities). The rule will be marked in the "dangerous capability"
color.
Additionally, the patch removes the (already commented out) code for
"set capability".
Acked-by: Kees Cook <kees@ubuntu.com>
I intentionally don't allow pUx and Pux since the behaviour of those is
very unexpected (the first letter decides if the environment is cleaned
up or not - at least that's the result of the discussion in April) and
the average user won't know this.
Acked-by: John Johansen <john.johansen@canonical.com>
- move cap_sys_module and cap_sys_rawio to "dangerous" capabilities
- sorted sdKapKeyDanger
Proposed by Seth Arnold,
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Basically the files will generate apparmor.vim as included in openSUSE
11.4 (and posted here before at the end of january). The only difference
is that the patch that Steve posted some days ago is already included
(patch summary: sdGlob: first character of variable name has to be
:alpha:, followed by any number of :alnum: or _)
