a56c5e56bc
- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON to severity.db (lp#1890547) OBS-URL: https://build.opensuse.org/request/show/824912 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=270
41 lines
1.1 KiB
Diff
41 lines
1.1 KiB
Diff
https://gitlab.com/apparmor/apparmor/-/merge_requests/589
|
|
|
|
commit ae012502095596df4675555da635c868e3b3c04a
|
|
Author: Christian Boltz <apparmor@cboltz.de>
|
|
Date: Fri Aug 7 22:37:19 2020 +0200
|
|
|
|
Add CAP_BPF and CAP_PERFMON to severity.db
|
|
|
|
These capabilities were introduced in Linux 5.8
|
|
|
|
References: https://bugs.launchpad.net/bugs/1890547
|
|
|
|
diff --git a/utils/severity.db b/utils/severity.db
|
|
index 3c028400..3e07d44e 100644
|
|
--- a/utils/severity.db
|
|
+++ b/utils/severity.db
|
|
@@ -2,6 +2,7 @@
|
|
#
|
|
# Copyright (C) 2002-2005 Novell/SUSE
|
|
# Copyright (C) 2014 Canonical Ltd.
|
|
+# Copyright (C) 2020 Christian Boltz
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
@@ -28,6 +29,7 @@
|
|
CAP_SETGID 9
|
|
CAP_SETUID 9
|
|
CAP_FOWNER 9
|
|
+ CAP_BPF 9
|
|
# Denial of service, bypass audit controls, information leak
|
|
CAP_SYS_TIME 8
|
|
CAP_NET_ADMIN 8
|
|
@@ -49,6 +51,7 @@
|
|
CAP_BLOCK_SUSPEND 8
|
|
CAP_DAC_READ_SEARCH 7
|
|
CAP_AUDIT_READ 7
|
|
+ CAP_PERFMON 7
|
|
# unused
|
|
CAP_NET_BROADCAST 0
|
|
|