author | Luis Ressel <aranea@aixah.de> | 2017-06-19 00:53:35 +0200 |
---|---|---|
committer | Luis Ressel <aranea@aixah.de> | 2017-09-09 00:09:59 +0200 |
commit | d623c0a07020a7860cb27d5c3b86ed144032109a (patch) | |
tree | a2b8dc59172e18895980604ba0e7b06832f31795 /policy/modules/admin | |
parent | netutils: Add some permissions required by nmap to traceroute_t (diff) | |
netutils: Allow tcpdump to reduce its capability bounding set
Diffstat (limited to 'policy/modules/admin')
-rw-r--r-- | policy/modules/admin/netutils.te | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index d33074653..45a6b11ac 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -33,9 +33,9 @@ init_system_domain(traceroute_t, traceroute_exec_t)
 #
 # Perform network administration operations and have raw access to the network.
-allow netutils_t self:capability { dac_read_search net_admin net_raw setgid setuid sys_chroot };
+allow netutils_t self:capability { dac_read_search net_admin net_raw setgid setpcap setuid sys_chroot };
 dontaudit netutils_t self:capability { dac_override sys_tty_config };
-allow netutils_t self:process { setcap signal_perms };
+allow netutils_t self:process { getcap setcap signal_perms };
 allow netutils_t self:netlink_route_socket create_netlink_socket_perms;
 allow netutils_t self:netlink_socket create_socket_perms;
 # For tcpdump. |
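Review bot: The new `setpcap` and `getcap` grants carry no comment tying them to tcpdump, although the commit title gives that as their purpose and the hunk's last line already uses a `# For tcpdump.` marker for another rule. Both rules are written against `netutils_t` itself, so every program running in that domain receives them. CAP_SETPCAP also permits adding bounding-set capabilities to the inheritable set and changing securebits, not only dropping from the bounding set. I would add a line above the capability rule such as `# tcpdump reduces its capability bounding set: needs setpcap (capability) and getcap (process).` so a later audit can tell why the grant exists. The local policy block continues past the end of this hunk, so any narrower placement would need checking against the rest of the file.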