userdom: allow admin users to use tcpdiag netlink sockets

Signed-off-by: Kenton Groombridge <me@concord.sh>
Kenton Groombridge 2022-12-07 10:47:40 -05:00
parent 7662001300
commit 810cc48197


@ -1343,6 +1343,7 @@ template(`userdom_admin_user_template',`
allow $1_t self:cap_userns sys_ptrace;
allow $1_t self:process { setexec setfscreate };
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
allow $1_t self:netlink_tcpdiag_socket create_netlink_socket_perms;
allow $1_t self:tun_socket create;
# Set password information for other users.
allow $1_t self:passwd { passwd chfn chsh };
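Review bot: The new `netlink_tcpdiag_socket` rule grants `create_netlink_socket_perms`, which as far as I recall expands to include `nlmsg_write` as well as `nlmsg_read`, and neither the rule nor the commit message says which tool or denial motivated it. For this class the write permission appears to cover socket-destroy requests rather than only listing socket state, so if the goal is inspection alone (for example `ss`), `r_netlink_socket_perms` would be the narrower grant; this is worth confirming against the AVC denials that prompted the change. Either way, a one-line comment above the rule, such as `# Query socket state over sock_diag (e.g. ss).`, would match the commented `passwd` rule below it and make the intent auditable. The `userdom_admin_user_template` body starts before and continues after this hunk, so the surrounding rules are not visible here.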