Support flushing routing cache

To flush the routing cache, ifconfig_t (through the "ip" command) requires sys_admin capability. If not: ~# ip route flush cache Cannot flush routing cache Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-10-19 20:51:25 +02:00 · 2012-10-19 20:51:25 +02:00 · 7ed91bfafd
commit 7ed91bfafd
parent d29f5d4e72
1 changed files with 1 additions and 1 deletions
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@ -243,7 +243,7 @@ optional_policy(`
 # Ifconfig local policy
 #

-allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
+allow ifconfig_t self:capability { net_raw net_admin sys_admin sys_tty_config };
 allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
 allow ifconfig_t self:fd use;
 allow ifconfig_t self:fifo_file rw_fifo_file_perms;