Granting the dac_override capability in an AA profile doesn't give away permission to access things not listed explicitly in the profile.
It gives root the ability to read and write files that it does not have group or other permission to access (e.g. user foo has a file named /home/foo/bar.txt with permission bits 0600), but the files still need to be listed in the profile in order for the program to be allowed access.

--
REJECTING access to capability 'dac_override' (cupsd(6348) profile /usr/sbin/cupsd active /usr/sbin/cupsd)
https://bugs.launchpad.net/bugs/131952
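A simplified model of the two checks described in the message above, added here as an illustration (not code from the bug report or from AppArmor). The function names, dictionaries and sample profiles are constructed; root is assumed to be the only holder of CAP_DAC_OVERRIDE, and `fnmatch` stands in for AppArmor's own glob syntax.

```python
from fnmatch import fnmatch

def dac_allows(uid, gids, st, want):
    """Owner/group/other permission-bit check; want is a subset of 'rw'."""
    shift = 6 if uid == st["uid"] else 3 if st["gid"] in gids else 0
    need = (4 if "r" in want else 0) | (2 if "w" in want else 0)
    return ((st["mode"] >> shift) & need) == need

def mediate(proc, path, st, want, profile):
    """Return (allowed, reason) for a confined process accessing path."""
    if not dac_allows(proc["uid"], proc["gids"], st, want):
        # Permission bits refuse: only CAP_DAC_OVERRIDE can bypass them.
        # Assumption: root is the only holder of that capability here.
        if proc["uid"] != 0:
            return False, "denied by permission bits"
        if "dac_override" not in profile["capabilities"]:
            return False, "capability dac_override rejected by profile"
    # File rules apply no matter how the permission-bit check was passed.
    for pattern, perms in profile["files"]:
        if fnmatch(path, pattern) and set(want) <= set(perms):
            return True, "allowed by file rule"
    return False, "path not listed in profile"

# Constructed sample data, modelled on the file named in the message.
ROOT = {"uid": 0, "gids": {0}}
BAR_PATH = "/home/foo/bar.txt"
BAR_STAT = {"uid": 1000, "gid": 1000, "mode": 0o600}

def profile(caps, files):
    return {"capabilities": set(caps), "files": list(files)}

def demo():
    rule = [(BAR_PATH, "rw")]
    both = profile(["dac_override"], rule)
    return {
        "rule only": mediate(ROOT, BAR_PATH, BAR_STAT, "r", profile([], rule)),
        "capability only": mediate(ROOT, BAR_PATH, BAR_STAT, "r",
                                   profile(["dac_override"], [])),
        "both": mediate(ROOT, BAR_PATH, BAR_STAT, "r", both),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```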