Documentation of AppArmor capabilities
This is a documentation request, because the information could not be found so far.
In the AppArmor documentation there is a list of capabilities:
https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference
The capabilities that are currently supported are:
chown
dac_override
dac_read_search
fowner
fsetid
kill
setgid
setuid
setpcap
linux_immutable
net_bind_service
net_broadcast
net_admin
net_raw
ipc_lock
ipc_owner
sys_module
sys_rawio
sys_chroot
sys_ptrace
sys_pacct
sys_admin
sys_boot
sys_nice
sys_resource
sys_time
sys_tty_config
mknod
lease
audit_write
audit_control
setfcap
mac_override
mac_admin
Only some are self-explanatory.
What is the exact definition of sys_admin, for example?
There is only a remark at Ubuntu (https://ubuntu.com/server/docs/security-apparmor):
"AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities."
But they are not documented any better there and do not have exactly matching names.
Another question is whether there are tools other than aa-notify for viewing the notifications in a more readable form.
Thank you.
Edited by gitman solace
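An added example, not part of the original issue or of the AppArmor project: the capability names in the list above are the kernel's CAP_* constants, lowercased and without the CAP_ prefix, and the list is in the kernel's bit order (chown is bit 0, sys_admin is bit 21). That makes it possible to decode the numeric capability= value that AppArmor denial messages carry, and the CapEff mask from /proc/<pid>/status, into those names without aa-notify. The log lines, profile path and process name below are constructed.

```python
import re

# AppArmor capability names in Linux capability bit order: the AppArmor name is
# the kernel CAP_* constant lowercased without its prefix (bit 21 == sys_admin).
CAPABILITIES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin",
]

def cap_name(bit):
    """Map a capability bit number (as logged by the kernel) to its AppArmor name."""
    return CAPABILITIES[bit] if 0 <= bit < len(CAPABILITIES) else f"cap_{bit}"

def kernel_constant(name):
    """AppArmor name -> kernel constant, e.g. sys_admin -> CAP_SYS_ADMIN."""
    return "CAP_" + name.upper()

def decode_mask(hex_mask):
    """Decode a CapEff/CapPrm hex mask (from /proc/<pid>/status) into AppArmor names."""
    mask = int(hex_mask, 16)
    return [cap_name(b) for b in range(mask.bit_length()) if (mask >> b) & 1]

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(log_lines):
    """Extract capability denials from AppArmor audit lines as (profile, comm, capname)."""
    denials = []
    for line in log_lines:
        fields = {k: v.strip('"') for k, v in _KV.findall(line)}
        if fields.get("apparmor") != "DENIED" or fields.get("operation") != "capable":
            continue
        # Prefer the textual capname; fall back to decoding the numeric bit.
        name = fields.get("capname") or cap_name(int(fields["capability"]))
        denials.append((fields.get("profile"), fields.get("comm"), name))
    return denials

def suggest_rules(denials):
    """Profile lines an administrator would review before granting each capability."""
    return sorted({f"  capability {n},  # {kernel_constant(n)}" for _, _, n in denials})

# Constructed sample audit lines (not real log data).
SAMPLE_LOG = [
    'type=AVC msg=audit(1700000000.101:201): apparmor="DENIED" operation="capable" '
    'profile="/usr/sbin/example-daemon" pid=4242 comm="example-daemon" capability=21 capname="sys_admin"',
    'type=AVC msg=audit(1700000000.102:202): apparmor="DENIED" operation="capable" '
    'profile="/usr/sbin/example-daemon" pid=4242 comm="example-daemon" capability=12 capname="net_admin"',
    'type=AVC msg=audit(1700000000.103:203): apparmor="ALLOWED" operation="open" '
    'profile="/usr/sbin/example-daemon" pid=4242 comm="example-daemon" requested_mask="r"',
]
```

Feed it the output of `journalctl -k` or /var/log/audit/audit.log filtered for apparmor="DENIED" to get a per-profile list of denied capabilities with their kernel names.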