Commit dc9474fe authored by Jamie Strandboge

Description: update base abstraction read access to

 /proc/sys/kernel/cap_last_cap. This is needed to determine the highest valid
 capability of the running kernel. Reference:
 https://lkml.org/lkml/2011/10/15/42
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1378977
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
parent b34e81e6
...@@ -103,6 +103,9 @@ ...@@ -103,6 +103,9 @@
# glibc malloc (man 5 proc) # glibc malloc (man 5 proc)
@{PROC}/sys/vm/overcommit_memory r, @{PROC}/sys/vm/overcommit_memory r,
# Allow determining the highest valid capability of the running kernel
@{PROC}/sys/kernel/cap_last_cap r,
# Allow other processes to read our /proc entries, futexes, perf tracing and # Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now (they will need 'read' in the first place). Administrators can # kcmp for now (they will need 'read' in the first place). Administrators can
# override with: # override with:
......
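Review bot: the comment above the new `@{PROC}/sys/kernel/cap_last_cap r,` rule states what the rule permits but not which caller needs it. Because this lands in the base abstraction, every profile that includes base picks up the read. Naming the consumer in the comment, or carrying over the LKML reference from the commit message, would let a later audit judge whether base is the right scope rather than a narrower abstraction. The permission itself is limited to `r`, which matches the stated purpose of querying the highest valid capability.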