mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
Code Issues Releases Wiki Activity
apparmor/parser/base_cap_names.h
John Johansen 270fb0a2b2 parser: Move to a pre-generated cap_names.h 
The auto-generated cap_names.h has problems when the parser if the
parser is built against a kernel with a smaller capability list than
the kernel policy is being compiled for.

Moving to a pre-generated list lets us support all capabilities even
when we build against older kernels. However we don't want to only use
the pre-generated list as that would make it too easy to miss when a
new capability has been added.

Keep auto generating the caps list and compare it to the pre-generated
caps list so we can detect when new capabilities are added, and fail
the build so that the pre-generated list can be updated. We screen the
diff for only additions so that the parser can continue to build on
older kernels that don't have the full capability list without errors.

Signed-off-by: John Johansen <john.johansen@canonical.com>
2020-07-07 09:43:48 -07:00

81 lines
1.2 KiB
C
Raw Blame History

{"audit_control", CAP_AUDIT_CONTROL},
{"audit_read", CAP_AUDIT_READ},
{"audit_write", CAP_AUDIT_WRITE},
{"block_suspend", CAP_BLOCK_SUSPEND},
{"bpf", CAP_BPF},
{"chown", CAP_CHOWN},
{"dac_override", CAP_DAC_OVERRIDE},
{"dac_read_search", CAP_DAC_READ_SEARCH},
{"fowner", CAP_FOWNER},
{"fsetid", CAP_FSETID},
{"ipc_lock", CAP_IPC_LOCK},
{"ipc_owner", CAP_IPC_OWNER},
{"kill", CAP_KILL},
{"lease", CAP_LEASE},
{"linux_immutable", CAP_LINUX_IMMUTABLE},
{"mac_admin", CAP_MAC_ADMIN},
{"mac_override", CAP_MAC_OVERRIDE},
{"mknod", CAP_MKNOD},
{"net_admin", CAP_NET_ADMIN},
{"net_bind_service", CAP_NET_BIND_SERVICE},
{"net_broadcast", CAP_NET_BROADCAST},
{"net_raw", CAP_NET_RAW},
{"perfmon", CAP_PERFMON},
{"setfcap", CAP_SETFCAP},
{"setgid", CAP_SETGID},
{"setpcap", CAP_SETPCAP},
{"setuid", CAP_SETUID},
{"syslog", CAP_SYSLOG},
{"sys_admin", CAP_SYS_ADMIN},
{"sys_boot", CAP_SYS_BOOT},
{"sys_chroot", CAP_SYS_CHROOT},
{"sys_module", CAP_SYS_MODULE},
{"sys_nice", CAP_SYS_NICE},
{"sys_pacct", CAP_SYS_PACCT},
{"sys_ptrace", CAP_SYS_PTRACE},
{"sys_rawio", CAP_SYS_RAWIO},
{"sys_resource", CAP_SYS_RESOURCE},
{"sys_time", CAP_SYS_TIME},
{"sys_tty_config", CAP_SYS_TTY_CONFIG},
{"wake_alarm", CAP_WAKE_ALARM},
Reference in New Issue View Git Blame Copy Permalink