mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Description: update base abstraction read access to

Browse source 
/proc/sys/kernel/cap_last_cap. This is needed to determine the highest valid
 capability of the running kernel. Reference:
 https://lkml.org/lkml/2011/10/15/42
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1378977

Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Jamie Strandboge 2014-10-08 15:18:34 -05:00
parent b34e81e606
commit dc9474fe5a
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
profiles/apparmor.d/abstractions/base
View file

@ -103,6 +103,9 @@
# glibc malloc (man 5 proc)
@{PROC}/sys/vm/overcommit_memory r,
# Allow determining the highest valid capability of the running kernel
@{PROC}/sys/kernel/cap_last_cap r,
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now (they will need 'read' in the first place). Administrators can
# override with: