parser: don't abort profile compile if the kernel is missing caps/mask (!691) · Merge requests · AppArmor / apparmor

John Johansen requested to merge jjohansen/apparmor:fix-caps into master Dec 11, 2020

3.0 added the ability to extract and use the kernels cap mask to augment its internal capability list as a stop gap measure to support new capabilities.

Unfortunately not all kernel export the cap/mask and this is causing the policy compile to fail. If the kernel doesn't export a cp/mask just use the internal list.

Fixes: #140 (closed) Signed-off-by: John Johansen john.johansen@canonical.com

parser: don't abort profile compile if the kernel is missing caps/mask

Merge request reports