[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/admin/

Sven Vermeulen Tue, 09 Jun 2015 03:46:14 -0700

commit:     4835f7f1d0a050d045335d19505e8113de883dfa
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Jun  9 10:45:03 2015 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Tue Jun  9 10:45:03 2015 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=4835f7f1


Support capabilities for tcpdump (netutils_t)

 policy/modules/admin/netutils.te | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 54e1603..407685f 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -224,6 +224,11 @@ ifdef(`distro_gentoo',`
        #
 
        # Fix bug 535988
+       allow netutils_t self:process getcap;
+       allow netutils_t self:capability setpcap;
+
+       kernel_request_load_module(netutils_t)
        kernel_dontaudit_search_debugfs(netutils_t)
-       dev_dontaudit_read_usbmon_dev(netutils_t)       
+
+       dev_dontaudit_read_usbmon_dev(netutils_t)
 ')

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/admin/

Reply via email to