nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support flushing routing cache

Browse Source 
To flush the routing cache, ifconfig_t (through the "ip" command) requires
sys_admin capability. If not:

~# ip route flush cache
Cannot flush routing cache

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2012-10-19 20:51:25 +02:00 committed by Chris PeBenito
parent d29f5d4e72
commit 7ed91bfafd
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/sysnetwork.te
View File

@ -243,7 +243,7 @@ optional_policy(`
# Ifconfig local policy # Ifconfig local policy
# #
allow ifconfig_t self:capability { net_raw net_admin sys_tty_config }; allow ifconfig_t self:capability { net_raw net_admin sys_admin sys_tty_config };
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack }; allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
allow ifconfig_t self:fd use; allow ifconfig_t self:fd use;
allow ifconfig_t self:fifo_file rw_fifo_file_perms; allow ifconfig_t self:fifo_file rw_fifo_file_perms;