author | 2017-02-15 18:47:33 -0500 | |
---|---|---|
committer | 2017-02-17 16:13:38 +0800 | |
commit | b8090bfeb7461011bfbbfc43d47caab6fc863d3d (patch) | |
tree | 6506d53221c4d5a0ca619d4cacbf4c861acccd84 /policy/modules/system/iptables.te | |
parent | inherited file and fifo perms (diff) | |
download | hardened-refpolicy-b8090bfeb7461011bfbbfc43d47caab6fc863d3d.tar.gz hardened-refpolicy-b8090bfeb7461011bfbbfc43d47caab6fc863d3d.tar.bz2 hardened-refpolicy-b8090bfeb7461011bfbbfc43d47caab6fc863d3d.zip |
Sort capabilities permissions from Russell Coker.
Diffstat (limited to 'policy/modules/system/iptables.te')
-rw-r--r-- | policy/modules/system/iptables.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index e062e44c..0380f55b 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -33,7 +33,7 @@ files_pid_file(iptables_var_run_t)
 # Iptables local policy
 #
 
-allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
+allow iptables_t self:capability { dac_override dac_read_search net_admin net_raw };
 dontaudit iptables_t self:capability sys_tty_config;
 allow iptables_t self:fifo_file rw_fifo_file_perms;
 allow iptables_t self:process { sigchld sigkill sigstop signull signal };
|
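Review bot: The rule `allow iptables_t self:capability { dac_override dac_read_search net_admin net_raw };` has no comment saying why iptables_t needs `dac_override`, which lets the domain bypass discretionary read, write and execute permission checks on files. The reorder leaves the granted set unchanged, so this is a documentation point only. A line above the rule such as `# dac_override: <reason iptables must bypass DAC; confirm whether dac_read_search alone suffices>` would let a later least-privilege audit decide whether the broader capability can be dropped. The local policy section continues past the end of the hunk, so rules that would justify the grant may be out of view.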