apparmor/parser/tst/simple_tests/capabilities_ok.sd

#
# $Id$
#=DESCRIPTION validate some uses of capabilties.
#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
/does/not/exist {
  capability chown,
  capability dac_override,
  capability dac_read_search,
  capability fowner,
  capability fsetid,
  capability kill,
  capability setgid,
  capability setuid,
  capability setpcap,
  capability linux_immutable,
  capability net_bind_service,
  capability net_broadcast,
  capability net_admin,
  capability net_raw,
  capability ipc_lock,
  capability ipc_owner,
  capability sys_module,
  capability sys_rawio,
  capability sys_chroot,
  capability sys_ptrace,
  capability sys_pacct,
  capability sys_admin,
  capability sys_boot,
  capability sys_nice,
  capability sys_resource,
  capability sys_time,
  capability sys_tty_config,
  capability mknod,
  capability lease,
  capability audit_write,
  capability audit_control,
}

/does/not/exist2 {
  ^chown { 
    capability chown,
  }
  ^dac_override { 
    capability dac_override,
  }
  ^dac_read_search { 
    capability dac_read_search,
  }
  ^fowner { 
    capability fowner,
  }
  ^fsetid { 
    capability fsetid,
  }
  ^kill { 
    capability kill,
  }
  ^setgid { 
    capability setgid,
  }
  ^setuid { 
    capability setuid,
  }
  ^setpcap { 
    capability setpcap,
  }
  ^linux_immutable { 
    capability linux_immutable,
  }
  ^net_bind_service { 
    capability net_bind_service,
  }
  ^net_broadcast { 
    capability net_broadcast,
  }
  ^net_admin { 
    capability net_admin,
  }
  ^net_raw { 
    capability net_raw,
  }
  ^ipc_lock { 
    capability ipc_lock,
  }
  ^ipc_owner { 
    capability ipc_owner,
  }
  ^sys_module { 
    capability sys_module,
  }
  ^sys_rawio { 
    capability sys_rawio,
  }
  ^sys_chroot { 
    capability sys_chroot,
  }
  ^sys_ptrace { 
    capability sys_ptrace,
  }
  ^sys_pacct { 
    capability sys_pacct,
  }
  ^sys_admin { 
    capability sys_admin,
  }
  ^sys_boot { 
    capability sys_boot,
  }
  ^sys_nice { 
    capability sys_nice,
  }
  ^sys_resource { 
    capability sys_resource,
  }
  ^sys_time { 
    capability sys_time,
  }
  ^sys_tty_config { 
    capability sys_tty_config,
  }
  ^mknod { 
    capability mknod,
  }
  ^lease { 
    capability lease,
  }
  ^audit_write {
    capability audit_write,
  }
  ^audit_control {
    capability audit_control,
  }
}

# Test for duplicates?
/does/not/exist3 {
  capability mknod,
  capability mknod,
}
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`#`
This patch removes using the libcap-devel capability header, and only uses the linux kernel definitions of them. (It also adds to the simple capbilities regression tests verifying the parser can parse the new audit capiability names.) 2006-11-08 10:59:09 +00:00			`# $Id$`
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`#=DESCRIPTION validate some uses of capabilties.`
			`#=EXRESULT PASS`
			`# vim:syntax=subdomain`
			`# Last Modified: Sun Apr 17 19:44:44 2005`
			`#`
			`/does/not/exist {`
			`capability chown,`
			`capability dac_override,`
			`capability dac_read_search,`
			`capability fowner,`
			`capability fsetid,`
			`capability kill,`
			`capability setgid,`
			`capability setuid,`
			`capability setpcap,`
			`capability linux_immutable,`
			`capability net_bind_service,`
			`capability net_broadcast,`
			`capability net_admin,`
			`capability net_raw,`
			`capability ipc_lock,`
			`capability ipc_owner,`
			`capability sys_module,`
			`capability sys_rawio,`
			`capability sys_chroot,`
			`capability sys_ptrace,`
			`capability sys_pacct,`
			`capability sys_admin,`
			`capability sys_boot,`
			`capability sys_nice,`
			`capability sys_resource,`
			`capability sys_time,`
			`capability sys_tty_config,`
			`capability mknod,`
			`capability lease,`
This patch removes using the libcap-devel capability header, and only uses the linux kernel definitions of them. (It also adds to the simple capbilities regression tests verifying the parser can parse the new audit capiability names.) 2006-11-08 10:59:09 +00:00			`capability audit_write,`
			`capability audit_control,`
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`}`

			`/does/not/exist2 {`
			`^chown {`
			`capability chown,`
			`}`
			`^dac_override {`
			`capability dac_override,`
			`}`
			`^dac_read_search {`
			`capability dac_read_search,`
			`}`
			`^fowner {`
			`capability fowner,`
			`}`
			`^fsetid {`
			`capability fsetid,`
			`}`
			`^kill {`
			`capability kill,`
			`}`
			`^setgid {`
			`capability setgid,`
			`}`
			`^setuid {`
			`capability setuid,`
			`}`
			`^setpcap {`
			`capability setpcap,`
			`}`
			`^linux_immutable {`
			`capability linux_immutable,`
			`}`
			`^net_bind_service {`
			`capability net_bind_service,`
			`}`
			`^net_broadcast {`
			`capability net_broadcast,`
			`}`
			`^net_admin {`
			`capability net_admin,`
			`}`
			`^net_raw {`
			`capability net_raw,`
			`}`
			`^ipc_lock {`
			`capability ipc_lock,`
			`}`
			`^ipc_owner {`
			`capability ipc_owner,`
			`}`
			`^sys_module {`
			`capability sys_module,`
			`}`
			`^sys_rawio {`
			`capability sys_rawio,`
			`}`
			`^sys_chroot {`
			`capability sys_chroot,`
			`}`
			`^sys_ptrace {`
			`capability sys_ptrace,`
			`}`
			`^sys_pacct {`
			`capability sys_pacct,`
			`}`
			`^sys_admin {`
			`capability sys_admin,`
			`}`
			`^sys_boot {`
			`capability sys_boot,`
			`}`
			`^sys_nice {`
			`capability sys_nice,`
			`}`
			`^sys_resource {`
			`capability sys_resource,`
			`}`
			`^sys_time {`
			`capability sys_time,`
			`}`
			`^sys_tty_config {`
			`capability sys_tty_config,`
			`}`
			`^mknod {`
			`capability mknod,`
			`}`
			`^lease {`
			`capability lease,`
			`}`
This patch removes using the libcap-devel capability header, and only uses the linux kernel definitions of them. (It also adds to the simple capbilities regression tests verifying the parser can parse the new audit capiability names.) 2006-11-08 10:59:09 +00:00			`^audit_write {`
			`capability audit_write,`
			`}`
			`^audit_control {`
			`capability audit_control,`
			`}`
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`}`

			`# Test for duplicates?`
			`/does/not/exist3 {`
			`capability mknod,`
			`capability mknod,`
			`}`