userdom: allow admin users to use tcpdiag netlink sockets
Signed-off-by: Kenton Groombridge <me@concord.sh>
parent
7662001300
commit
810cc48197
@ -1343,6 +1343,7 @@ template(`userdom_admin_user_template',`
|
||||
allow $1_t self:cap_userns sys_ptrace;
|
||||
allow $1_t self:process { setexec setfscreate };
|
||||
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
|
||||
allow $1_t self:netlink_tcpdiag_socket create_netlink_socket_perms;
|
||||
allow $1_t self:tun_socket create;
|
||||
# Set password information for other users.
|
||||
allow $1_t self:passwd { passwd chfn chsh };
|
||||
|
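Review bot: The tcpdiag rule (the line this commit appears to add, going by the title) grants `create_netlink_socket_perms`, which in refpolicy's permission sets includes `nlmsg_write` as well as `nlmsg_read`; on this class the write permission is, as far as I can tell, what gates SOCK_DESTROY requests, so every admin domain built from this template could tear down sockets rather than only list them. If the goal is `ss`-style inspection, `allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;` is the narrower grant. If destroying sockets is intended, a comment above the rule such as `# Query and destroy sockets via sock_diag (e.g. ss -K).` would record that, in line with the commented passwd rule below it. The template body starts and ends outside this hunk, so any surrounding tunable or optional block is not visible here.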