Allow portage to set file capabilities, needed for installations like for wireshark

The installation of the wireshark package (and perhaps others) requires portage setting file capabilities (through the setcap binary). Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-04-28 15:30:12 -04:00 · 2011-04-28 15:30:12 -04:00 · 4061b06a4a
commit 4061b06a4a
parent 9ec9808df5
1 changed files with 1 additions and 1 deletions
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@ -122,7 +122,7 @@ optional_policy(`
 # - setexec to run portage fetch
 allow portage_t self:process { setfscreate setexec };
 # - kill for mysql merging, at least
-allow portage_t self:capability { sys_nice kill };
+allow portage_t self:capability { sys_nice kill setfcap };

 # user post-sync scripts
 can_exec(portage_t, portage_conf_t)