3 files changed, 19 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index ec87f1d2d..397bf753b 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -126,6 +126,9 @@ signal (receive),
 # We let Firejail deal with capabilities, but ensure that
 # some AppArmor related capabilities will not be available.
 ##########
+capability checkpoint_restore,
+capability perfmon,
+capability bpf,
 capability chown,
 capability dac_override,
 capability dac_read_search,
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index 19eb8ec6e..597f9915b 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -162,6 +162,21 @@ static CapsEntry capslist[] = {
 #else
        {"audit_read", 37 },
 #endif
+#ifdef CAP_PERFMON
+        {"perfmon", CAP_PERFMON },
+#else
+        {"perfmon", 38 },
+#endif
+#ifdef CAP_BPF
+        {"bpf", CAP_BPF },
+#else
+        {"bpf", 39 },
+#endif
+#ifdef CAP_CHECKPOINT_RESTORE
+        {"checkpoint_restore", CAP_CHECKPOINT_RESTORE },
+#else
+        {"checkpoint_restore", 40 },
+#endif
 //
 // end of generated code
diff --git a/src/tools/extract_caps.c b/src/tools/extract_caps.c
index 6cd850752..8da9c452b 100644
--- a/src/tools/extract_caps.c
+++ b/src/tools/extract_caps.c
@@ -17,6 +17,7 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
+#include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index ec87f1d2d..397bf753b 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default
@@ -126,6 +126,9 @@ signal (receive),
126	# We let Firejail deal with capabilities, but ensure that	126	# We let Firejail deal with capabilities, but ensure that
127	# some AppArmor related capabilities will not be available.	127	# some AppArmor related capabilities will not be available.
128	##########	128	##########
		129	capability checkpoint_restore,
		130	capability perfmon,
		131	capability bpf,
129	capability chown,	132	capability chown,
130	capability dac_override,	133	capability dac_override,
131	capability dac_read_search,	134	capability dac_read_search,


diff --git a/src/firejail/caps.c b/src/firejail/caps.c index 19eb8ec6e..597f9915b 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c
@@ -162,6 +162,21 @@ static CapsEntry capslist[] = {
162	#else	162	#else
163	{"audit_read", 37 },	163	{"audit_read", 37 },
164	#endif	164	#endif
		165	#ifdef CAP_PERFMON
		166	{"perfmon", CAP_PERFMON },
		167	#else
		168	{"perfmon", 38 },
		169	#endif
		170	#ifdef CAP_BPF
		171	{"bpf", CAP_BPF },
		172	#else
		173	{"bpf", 39 },
		174	#endif
		175	#ifdef CAP_CHECKPOINT_RESTORE
		176	{"checkpoint_restore", CAP_CHECKPOINT_RESTORE },
		177	#else
		178	{"checkpoint_restore", 40 },
		179	#endif
165		180
166	//	181	//
167	// end of generated code	182	// end of generated code


diff --git a/src/tools/extract_caps.c b/src/tools/extract_caps.c index 6cd850752..8da9c452b 100644 --- a/src/tools/extract_caps.c +++ b/src/tools/extract_caps.c
@@ -17,6 +17,7 @@
17	* with this program; if not, write to the Free Software Foundation, Inc.,	17	* with this program; if not, write to the Free Software Foundation, Inc.,
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/	19	*/
		20	#include <ctype.h>
20	#include <stdio.h>	21	#include <stdio.h>
21	#include <stdlib.h>	22	#include <stdlib.h>
22	#include <string.h>	23	#include <string.h>