unconfined: Add missing capability2 perms.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
parent
a4534a76bb
commit
05e386bcb3
|
@ -38,7 +38,7 @@ interface(`unconfined_domain_noaudit',`
|
||||||
|
|
||||||
# Use most Linux capabilities
|
# Use most Linux capabilities
|
||||||
allow $1 self:{ capability cap_userns } { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
|
allow $1 self:{ capability cap_userns } { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
|
||||||
allow $1 self:{ capability2 cap2_userns } { syslog wake_alarm };
|
allow $1 self:{ capability2 cap2_userns } { syslog wake_alarm bpf perfmon };
|
||||||
allow $1 self:fifo_file manage_fifo_file_perms;
|
allow $1 self:fifo_file manage_fifo_file_perms;
|
||||||
|
|
||||||
# Manage most namespace capabilities
|
# Manage most namespace capabilities
|
||||||
|
|
Loading…
Reference in New Issue