From f767f82bd51d9c5959c5714b266e0e104dfa84dd Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Fri, 19 Feb 2021 00:40:46 +0100
Subject: refresh capabilities (#3945)
---
 etc/apparmor/firejail-default | 3 +++
 src/firejail/caps.c | 15 +++++++++++++++
 src/tools/extract_caps.c | 1 +
 3 files changed, 19 insertions(+)
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index ec87f1d2d..397bf753b 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -126,6 +126,9 @@ signal (receive),
 # We let Firejail deal with capabilities, but ensure that
 # some AppArmor related capabilities will not be available.
 ##########
+capability checkpoint_restore,
+capability perfmon,
+capability bpf,
 capability chown,
 capability dac_override,
 capability dac_read_search,
diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index 19eb8ec6e..597f9915b 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -162,6 +162,21 @@ static CapsEntry capslist[] = {
 #else
 {"audit_read", 37 },
 #endif
+#ifdef CAP_PERFMON
+ {"perfmon", CAP_PERFMON },
+#else
+ {"perfmon", 38 },
+#endif
+#ifdef CAP_BPF
+ {"bpf", CAP_BPF },
+#else
+ {"bpf", 39 },
+#endif
+#ifdef CAP_CHECKPOINT_RESTORE
+ {"checkpoint_restore", CAP_CHECKPOINT_RESTORE },
+#else
+ {"checkpoint_restore", 40 },
+#endif
 //
 // end of generated code
diff --git a/src/tools/extract_caps.c b/src/tools/extract_caps.c
index 6cd850752..8da9c452b 100644
--- a/src/tools/extract_caps.c
+++ b/src/tools/extract_caps.c
@@ -17,6 +17,7 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
+#include
 #include
 #include
 #include
-- cgit v1.2.3-70-g09d2
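Review bot: The three names added to the capability list in etc/apparmor/firejail-default (`checkpoint_restore`, `perfmon`, `bpf`) carry no comment saying which kernel and AppArmor versions recognise them. They were split out of CAP_SYS_ADMIN in Linux 5.8 (perfmon, bpf) and 5.9 (checkpoint_restore), and an apparmor_parser that predates those names will presumably reject the profile as a whole, so it is worth confirming the profile still loads on the oldest supported distribution. I would add above the three lines `# perfmon, bpf, checkpoint_restore: split from sys_admin in Linux 5.8/5.9; need an apparmor_parser that knows these names`. Going by the existing comment, this list permits capabilities at the AppArmor layer, so after this change the three are restricted only by Firejail's own capability filter.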
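Review bot: In src/firejail/caps.c the `#else` fallbacks hard-code 38, 39 and 40, so a build against old headers still accepts `perfmon`, `bpf` and `checkpoint_restore` by name, but nothing in the hunk shows what happens when the running kernel does not know those numbers. The code that walks `capslist` is outside the hunk; it should be confirmed that a capability above the kernel's last supported one (`/proc/sys/kernel/cap_last_cap`) is neither a fatal error in the drop path nor silently accepted in a `caps.keep` list. A one-line comment on the new entries would help the next refresh, e.g. `// perfmon, bpf: Linux 5.8; checkpoint_restore: Linux 5.9`. The entries sit above the "end of generated code" marker, so presumably they should come from re-running src/tools/extract_caps rather than from a hand edit.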