File: ok2.sd

#
#=DESCRIPTION validate some uses of capabilities (audit/deny qualifiers, hats, single- and multi-capability rule forms, repeated rules).
#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
# Profile 1: one `audit capability <name>,` rule per capability.
# Exercises the single-capability rule form with the `audit` qualifier on
# an allow rule (every rule here grants the capability and logs its use).
# The attachment path /does/not/exist suggests a parse-only fixture that is
# never expected to attach to a real process.
# NOTE(review): this list ends with setfcap and mac_override; the profiles
# further down stop at audit_control — confirm whether the two extra names
# are deliberately exercised only in this profile.
/does/not/exist {
  audit capability chown,
  audit capability dac_override,
  audit capability dac_read_search,
  audit capability fowner,
  audit capability fsetid,
  audit capability kill,
  audit capability setgid,
  audit capability setuid,
  audit capability setpcap,
  audit capability linux_immutable,
  audit capability net_bind_service,
  audit capability net_broadcast,
  audit capability net_admin,
  audit capability net_raw,
  audit capability ipc_lock,
  audit capability ipc_owner,
  audit capability sys_module,
  audit capability sys_rawio,
  audit capability sys_chroot,
  audit capability sys_ptrace,
  audit capability sys_pacct,
  audit capability sys_admin,
  audit capability sys_boot,
  audit capability sys_nice,
  audit capability sys_resource,
  audit capability sys_time,
  audit capability sys_tty_config,
  audit capability mknod,
  audit capability lease,
  audit capability audit_write,
  audit capability audit_control,
  audit capability setfcap,
  audit capability mac_override,
}

# Profile 2: one hat (subprofile introduced with `^`) per capability, each
# containing a single `deny capability <name>,` rule.  Exercises the `deny`
# qualifier inside hats.  The enclosing profile itself grants nothing, so
# each hat's deny is an explicit statement of the default rather than a
# revocation of an allow.
# NOTE(review): in AppArmor policy a `deny` rule overrides any matching
# allow and, without an `audit` prefix, is expected not to be logged —
# confirm against apparmor.d(5) before relying on that in real policy.
# NOTE(review): the hat list stops at audit_control; setfcap and
# mac_override (present in /does/not/exist above) are not covered here.
/does/not/exist2 {
  ^chown {
    deny capability chown,
  }
  ^dac_override {
    deny capability dac_override,
  }
  ^dac_read_search {
    deny capability dac_read_search,
  }
  ^fowner {
    deny capability fowner,
  }
  ^fsetid {
    deny capability fsetid,
  }
  ^kill {
    deny capability kill,
  }
  ^setgid {
    deny capability setgid,
  }
  ^setuid {
    deny capability setuid,
  }
  ^setpcap {
    deny capability setpcap,
  }
  ^linux_immutable {
    deny capability linux_immutable,
  }
  ^net_bind_service {
    deny capability net_bind_service,
  }
  ^net_broadcast {
    deny capability net_broadcast,
  }
  ^net_admin {
    deny capability net_admin,
  }
  ^net_raw {
    deny capability net_raw,
  }
  ^ipc_lock {
    deny capability ipc_lock,
  }
  ^ipc_owner {
    deny capability ipc_owner,
  }
  ^sys_module {
    deny capability sys_module,
  }
  ^sys_rawio {
    deny capability sys_rawio,
  }
  ^sys_chroot {
    deny capability sys_chroot,
  }
  ^sys_ptrace {
    deny capability sys_ptrace,
  }
  ^sys_pacct {
    deny capability sys_pacct,
  }
  ^sys_admin {
    deny capability sys_admin,
  }
  ^sys_boot {
    deny capability sys_boot,
  }
  ^sys_nice {
    deny capability sys_nice,
  }
  ^sys_resource {
    deny capability sys_resource,
  }
  ^sys_time {
    deny capability sys_time,
  }
  ^sys_tty_config {
    deny capability sys_tty_config,
  }
  ^mknod {
    deny capability mknod,
  }
  ^lease {
    deny capability lease,
  }
  ^audit_write {
    deny capability audit_write,
  }
  ^audit_control {
    deny capability audit_control,
  }
}

# Profile 3: repeated and conflicting rules for the same capability (plain allow,
# audit allow, deny) — the parser must accept them, per the file-level EXRESULT PASS.
# Profile 3: the same capability (mknod) is stated six times with three
# different qualifiers — bare allow, `audit` allow, and `deny`.  This file
# is marked `=EXRESULT PASS`, so the parser is expected to accept the
# repeated and mutually contradictory rules rather than reject them.
# NOTE(review): at enforcement time AppArmor resolves such conflicts by
# giving `deny` precedence over allow — confirm against apparmor.d(5);
# this fixture only establishes that the syntax parses.
/does/not/exist3 {
  capability mknod,
  audit capability mknod,
  deny capability mknod,
  audit capability mknod,
  deny capability mknod,
  capability mknod,
}

# Profile 4: the multi-capability rule form — all capabilities granted by
# a single `capability <a> <b> ...,` rule rather than one rule each.
# NOTE(review): the profile name reads "exit101" where the earlier fixtures
# use "exist"; it is only a fixture attachment path, so it is left as-is.
/does/not/exit101 {
  capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,

}

# Profile 5: the multi-capability rule form combined with `deny`, once with
# the `audit` prefix (`audit deny capability ...,`) and once without.  Both
# rules cover the same capability list, so the second is a duplicate of the
# first minus the audit flag; the fixture checks that both spellings parse.
# NOTE(review): `audit deny` is the form that makes a denial show up in the
# audit log; a bare `deny` is expected to be silent — confirm against
# apparmor.d(5).
/does/not/exit102 {
  audit deny capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,

  deny capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,

}