These capabilities were introduced in Linux 5.8
References: https://bugs.launchpad.net/bugs/1890547
(cherry picked from commit ae01250209)
Signed-off-by: John Johansen <john.johansen@canonical.com>
This patch adds the new capability CAP_AUDIT_READ, added in the 3.16
kernel, to the utils severity.db. I set the severity level at 7,
since it seemed to offer less exposure than CAP_AUDIT_CONTROL and
CAP_AUDIT_WRITE, which are both considered severity 8.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
http://thread.gmane.org/gmane.linux.kernel/1289986
This allows for drivers that support poll to prevent suspend. Adjust
utils/severity.db for this.
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This patch adds several missing capabilities to the utils/
severity.db file as detected by the newly added make check target,
along with corresponding severity levels that I believe :re appropriate
(discussion welcome):
CAP_MAC_ADMIN 10
CAP_MAC_OVERRIDE 10
CAP_SETFCAP 9
CAP_SYSLOG 8
CAP_WAKE_ALARM 8
The latter two are undocumented in the capabilities(7) man page
provided in Ubuntu 12.04; the syslog one is the separation out of
accessing the dmesg buffer from CAP_SYSADMIN, and the CAP_WAKE_ALARM
allows setting alarms that would wake a system from a suspended state,
if my reading is correct.
This also fixes a trailing whitespace on CAP_CHOWN, moves
CAP_DAC_READ_SEARCH to the end of the section of capabilities it's
in due to its lower priority level (7).
