mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
48974e552c
We need a set of flags to track where a capability can from so we know how to processes it for policy compatibility purposes. Signed-off-by: John Johansen <john.johansen@canonical.com>
80 lines
2.7 KiB
C
80 lines
2.7 KiB
C
{"audit_control", CAP_AUDIT_CONTROL, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"audit_read", CAP_AUDIT_READ, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"audit_write", CAP_AUDIT_WRITE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"block_suspend", CAP_BLOCK_SUSPEND, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"bpf", CAP_BPF, CAP_SYS_ADMIN, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"chown", CAP_CHOWN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"dac_override", CAP_DAC_OVERRIDE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"dac_read_search", CAP_DAC_READ_SEARCH, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"fowner", CAP_FOWNER, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"fsetid", CAP_FSETID, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"ipc_lock", CAP_IPC_LOCK, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"ipc_owner", CAP_IPC_OWNER, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"kill", CAP_KILL, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"lease", CAP_LEASE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"linux_immutable", CAP_LINUX_IMMUTABLE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"mac_admin", CAP_MAC_ADMIN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"mac_override", CAP_MAC_OVERRIDE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"mknod", CAP_MKNOD, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"net_admin", CAP_NET_ADMIN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"net_bind_service", CAP_NET_BIND_SERVICE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"net_broadcast", CAP_NET_BROADCAST, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"net_raw", CAP_NET_RAW, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"perfmon", CAP_PERFMON, CAP_SYS_ADMIN, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"setfcap", CAP_SETFCAP, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"setgid", CAP_SETGID, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"setpcap", CAP_SETPCAP, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"setuid", CAP_SETUID, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"syslog", CAP_SYSLOG, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_admin", CAP_SYS_ADMIN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_boot", CAP_SYS_BOOT, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_chroot", CAP_SYS_CHROOT, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_module", CAP_SYS_MODULE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_nice", CAP_SYS_NICE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_pacct", CAP_SYS_PACCT, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_ptrace", CAP_SYS_PTRACE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_rawio", CAP_SYS_RAWIO, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_resource", CAP_SYS_RESOURCE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_time", CAP_SYS_TIME, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"sys_tty_config", CAP_SYS_TTY_CONFIG, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|
|
{"wake_alarm", CAP_WAKE_ALARM, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
|
|
|