Good day, I run AppArmor version 2.10.2 on a kernel 4.4 system.
I creates a profile for gpg and that profile requested now the capability dac_override. This raises some questions to me. First, does dac_override honor the folder permission rules within the profile? For example, if there is a rule "/foo/** r," does dac_override this rule? If dac_override still honors the folder rules, what then is the point to ask for that capability? Lastly, why is that capability requested at all? Normally AppArmor complains if r/w to a certain file/folder is needed. But, here a capability was requested. Requesting dac_override does not give any hint, what file or folder is required to access... Would be nice if someone could give me a hint on that CAP vs AppArmor issue :-) -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
