unconfined: Add missing capability2 perms.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
Chris PeBenito 2022-05-02 15:17:40 +00:00 committed by Chris PeBenito
parent a4534a76bb
commit 05e386bcb3
1 changed files with 1 additions and 1 deletions

View File

@ -38,7 +38,7 @@ interface(`unconfined_domain_noaudit',`
# Use most Linux capabilities # Use most Linux capabilities
allow $1 self:{ capability cap_userns } { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap }; allow $1 self:{ capability cap_userns } { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
allow $1 self:{ capability2 cap2_userns } { syslog wake_alarm }; allow $1 self:{ capability2 cap2_userns } { syslog wake_alarm bpf perfmon };
allow $1 self:fifo_file manage_fifo_file_perms; allow $1 self:fifo_file manage_fifo_file_perms;
# Manage most namespace capabilities # Manage most namespace capabilities