On Mon, Jul 21, 2014 at 03:28:36PM -0700, Steve Beattie wrote: > This patch adds the new capability CAP_AUDIT_READ, added in the 3.16 > kernel, to the utils severity.db. I set the severity level at 7, > since it seemed to offer less exposure than CAP_AUDIT_CONTROL and > CAP_AUDIT_WRITE, which are both considered severity 8. > > This patch is both for trunk and the 2.8 branch. > > Signed-off-by: Steve Beattie <st...@nxnw.org>
Acked-by: Seth Arnold <seth.arn...@canonical.com> '7' matches CAP_DAC_READ_SEARCH, makes sense to me. Thanks > --- > utils/severity.db | 1 + > 1 file changed, 1 insertion(+) > > Index: b/utils/severity.db > =================================================================== > --- a/utils/severity.db > +++ b/utils/severity.db > @@ -47,6 +47,7 @@ > CAP_WAKE_ALARM 8 > CAP_BLOCK_SUSPEND 8 > CAP_DAC_READ_SEARCH 7 > + CAP_AUDIT_READ 7 > # unused > CAP_NET_BROADCAST 0 > > -- > Steve Beattie > <sbeat...@ubuntu.com> > http://NxNW.org/~steve/ > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor