diff options
author | smitsohu <smitsohu@gmail.com> | 2021-02-19 00:40:46 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-02-19 00:40:46 +0100 |
commit | f767f82bd51d9c5959c5714b266e0e104dfa84dd (patch) | |
tree | eef4a662ec2babc9e2aed278fbde1e234cf19c10 | |
parent | Merge pull request #3994 from kmk3/fix-copyright-bump (diff) | |
download | firejail-f767f82bd51d9c5959c5714b266e0e104dfa84dd.tar.gz firejail-f767f82bd51d9c5959c5714b266e0e104dfa84dd.tar.zst firejail-f767f82bd51d9c5959c5714b266e0e104dfa84dd.zip |
refresh capabilities (#3945)
-rw-r--r-- | etc/apparmor/firejail-default | 3 | ||||
-rw-r--r-- | src/firejail/caps.c | 15 | ||||
-rw-r--r-- | src/tools/extract_caps.c | 1 |
3 files changed, 19 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index ec87f1d2d..397bf753b 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default | |||
@@ -126,6 +126,9 @@ signal (receive), | |||
126 | # We let Firejail deal with capabilities, but ensure that | 126 | # We let Firejail deal with capabilities, but ensure that |
127 | # some AppArmor related capabilities will not be available. | 127 | # some AppArmor related capabilities will not be available. |
128 | ########## | 128 | ########## |
129 | capability checkpoint_restore, | ||
130 | capability perfmon, | ||
131 | capability bpf, | ||
129 | capability chown, | 132 | capability chown, |
130 | capability dac_override, | 133 | capability dac_override, |
131 | capability dac_read_search, | 134 | capability dac_read_search, |
diff --git a/src/firejail/caps.c b/src/firejail/caps.c index 19eb8ec6e..597f9915b 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c | |||
@@ -162,6 +162,21 @@ static CapsEntry capslist[] = { | |||
162 | #else | 162 | #else |
163 | {"audit_read", 37 }, | 163 | {"audit_read", 37 }, |
164 | #endif | 164 | #endif |
165 | #ifdef CAP_PERFMON | ||
166 | {"perfmon", CAP_PERFMON }, | ||
167 | #else | ||
168 | {"perfmon", 38 }, | ||
169 | #endif | ||
170 | #ifdef CAP_BPF | ||
171 | {"bpf", CAP_BPF }, | ||
172 | #else | ||
173 | {"bpf", 39 }, | ||
174 | #endif | ||
175 | #ifdef CAP_CHECKPOINT_RESTORE | ||
176 | {"checkpoint_restore", CAP_CHECKPOINT_RESTORE }, | ||
177 | #else | ||
178 | {"checkpoint_restore", 40 }, | ||
179 | #endif | ||
165 | 180 | ||
166 | // | 181 | // |
167 | // end of generated code | 182 | // end of generated code |
diff --git a/src/tools/extract_caps.c b/src/tools/extract_caps.c index 6cd850752..8da9c452b 100644 --- a/src/tools/extract_caps.c +++ b/src/tools/extract_caps.c | |||
@@ -17,6 +17,7 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include <ctype.h> | ||
20 | #include <stdio.h> | 21 | #include <stdio.h> |
21 | #include <stdlib.h> | 22 | #include <stdlib.h> |
22 | #include <string.h> | 23 | #include <string.h> |