Re: [apparmor] Apparmor profile enforce issue, when changing from root to non-root

2020-08-31 Thread swarna latha
Yes Seth. My system works fine if the capability line is in the profile. Below are my two queries... 1. Is listing all the capabilities the same as adding the "capability, " line? I don't see the same behaviour. Listing all the capabs is not working, whereas adding the capability, line works. 2.

Re: [apparmor] Apparmor profile enforce issue, when changing from root to non-root

2020-08-31 Thread Seth Arnold
On Mon, Aug 31, 2020 at 10:34:46PM -0400, swarna latha wrote:
> I am getting the complete set of libraries used by my process with status=
> AUDIT, right from /etc/ld.so.cache. It looks to me as though the profile is
> not applied, though I have rules allowing the /etc/ld.so cache access.
>
> As

Re: [apparmor] Apparmor profile enforce issue, when changing from root to non-root

2020-08-31 Thread swarna latha
Hi Seth, I am getting the complete set of libraries used by my process with status= AUDIT, right from /etc/ld.so.cache. It looks to me as though the profile is not applied, though I have rules allowing the /etc/ld.so cache access. As I have these file entries in my profile, I am not getting

Re: [apparmor] Apparmor profile enforce issue, when changing from root to non-root

2020-08-31 Thread Seth Arnold
On Mon, Aug 31, 2020 at 08:25:26PM -0400, swarna latha wrote:
> For non-root mode, tried to add the capabilities manually, all the 36
> capabilities it did not work. But if I add the capability, (which is to
> grant all capabilities, the last one highlighted below) the process starts.

What

[apparmor] Apparmor profile enforce issue, when changing from root to non-root

2020-08-31 Thread swarna latha
Hi, We have a process which starts as root and then we drop the unused privileges and run as non-root. Captured the capabilities of the process with apparmor by putting the profile in audit, complain mode and generated profile with logprof. 1. With the generated profile, the process is