init: allow initrc_t to getcap
Many such AVCs are observed on a systemd system, triggered by various services running in initrc_t.

Signed-off-by: Kenton Groombridge <me@concord.sh>
parent
9af88f2bf7
commit
5ad60847c6
@ -699,7 +699,7 @@ optional_policy(`
|
||||
# Init script local policy
|
||||
#
|
||||
|
||||
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
||||
allow initrc_t self:process { getcap getpgid setsched setpgid setrlimit getsched };
|
||||
allow initrc_t self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
|
||||
allow initrc_t self:capability2 { wake_alarm block_suspend };
|
||||
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
|
||||
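Review bot: The new `getcap` permission on the `allow initrc_t self:process` line carries no record of what triggers it, while the `dontaudit initrc_t self:capability sys_module` line three lines below does (`# sysctl is triggering this`); the commit message only says "many AVCs" on a systemd system, so a later audit of initrc_t's permissions cannot tell whether this grant is still needed. I would add a trailing comment such as `# getcap: capget() on self by services under systemd, see commit log` — hedged, since the originating program is not named anywhere in the hunk. The grant itself is narrow: `process getcap` on `self` only lets the domain read its own capability set and confers no new privilege, so the change is safe to merge as is. If the same services also modify their capabilities, `setcap` denials will presumably follow; that should be confirmed from the audit log rather than added pre-emptively. The enclosing init script local policy block continues outside the hunk.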
|