Re: [apparmor] Apparmor: Query on adding many capabilities in the custom header file

2021-04-28 Thread Christian Boltz
Hello, On Wednesday, 28 April 2021, at 21:01:23 CEST, Murali Selvaraj wrote: > I have created a header file as follows and included in the apparmor > profile. > > admin@test:/etc/apparmor.d# cat caps/default > capability chown dac_override dac_read_search fowner fsetid kill > ipc_lock sys_nice setp

Re: [apparmor] Apparmor: Query on adding many capabilities in the custom header file

2021-04-28 Thread Murali Selvaraj
Thanks Christian for the inputs. I have created a header file as follows and included in the apparmor profile. admin@test:/etc/apparmor.d# cat caps/default capability chown dac_override dac_read_search fowner fsetid kill ipc_lock sys_nice setpcap ipc_owner sys_ptrace sys_chroot, admin@test:/etc/

Re: [apparmor] Apparmor: Query on adding many capabilities in the custom header file

2021-04-24 Thread Christian Boltz
Hello, On Saturday, 24 April 2021, at 15:46:22 CEST, Murali Selvaraj wrote: > Can you please guide me to resolve the above query on the header file > with enabling many capabilities in the header file? a) /nvram2/apparmor_boot/caps/common capability chown dac_override dac_read_search fowner fs

Re: [apparmor] Apparmor: Query on adding many capabilities in the custom header file

2021-04-24 Thread Murali Selvaraj
Hi John/Seth, Can you please guide me to resolve the above query on the header file with enabling many capabilities in the header file? Thanks Murali.S On Thu, Apr 22, 2021 at 9:15 PM Murali Selvaraj wrote: > > Hi John, > > I am still facing below error while parsing the profile. > > While pars

Re: [apparmor] Apparmor: Query on adding many capabilities in the custom header file

2021-04-22 Thread Seth Arnold
On Thu, Apr 22, 2021 at 09:15:27PM +0530, Murali Selvaraj wrote: > @{default_caps}=chown,dac_override,dac_read_search,fowner,fsetid,kill,ipc_lock,sys_nice,setpcap,pc_owner,sys_ptrace,sys_chroot Variables don't work for the capabilities. They aren't like files. Make a new abstraction file with: c

Re: [apparmor] Apparmor: Query on adding many capabilities in the custom header file

2021-04-22 Thread Murali Selvaraj
Hi John, I am still facing below error while parsing the profile. While parsing profiles sh -x /etc/apparmor/apparmor_parse.sh AppArmor parser error for /nvram2/apparmor_boot/usr.bin.test in /nvram2/apparmor_boot/usr.bin.test at line 5: syntax error, unexpected TOK_SET_VAR, expecting TOK_ID or TO

Re: [apparmor] Apparmor: Query on adding many capabilities in the custom header file

2021-04-21 Thread John Johansen
On 4/20/21 10:01 AM, Murali Selvaraj wrote: > Hi All, > > As per our design, we are applying certain capabilities to all my profiles. > > -> created custom include files as follows in #include "relative_path" > > @{default_caps}=chown,dac_override,dac_read_search,fowner,fsetid,kill,ipc_lock,s

[apparmor] Apparmor: Query on adding many capabilities in the custom header file

2021-04-20 Thread Murali Selvaraj
Hi All, As per our design, we are applying certain capabilities to all my profiles. -> created custom include files as follows in #include "relative_path" @{default_caps}=chown,dac_override,dac_read_search,fowner,fsetid,kill,ipc_lock,sys_nice,setpcap,ipc_owner,sys_ptrace,sys_chroot -> Adding