23 lines
965 B
Diff
23 lines
965 B
Diff
From 193883f3bcfb64143f5ae6754021d0f4d7bfa16d Mon Sep 17 00:00:00 2001
|
|
From: Nikola Knazekova <nknazeko@redhat.com>
|
|
Date: Thu, 27 Oct 2022 15:06:35 +0200
|
|
Subject: [PATCH] Allow dhcpd bpf capability to run bpf programs
|
|
|
|
Resolves: rhbz#2134827
|
|
---
|
|
policy/modules/contrib/dhcp.te | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/policy/modules/contrib/dhcp.te b/policy/modules/contrib/dhcp.te
|
|
index dab0abe4cb..67c865926b 100644
|
|
--- a/policy/modules/contrib/dhcp.te
|
|
+++ b/policy/modules/contrib/dhcp.te
|
|
@@ -39,6 +39,7 @@ files_pid_file(dhcpd_var_run_t)
|
|
|
|
allow dhcpd_t self:capability { chown dac_read_search dac_override fowner sys_chroot net_raw kill setgid setuid setpcap sys_resource };
|
|
dontaudit dhcpd_t self:capability { net_admin sys_admin sys_tty_config };
|
|
+allow dhcpd_t self:capability2 bpf;
|
|
allow dhcpd_t self:process { getcap setcap signal_perms };
|
|
allow dhcpd_t self:fifo_file rw_fifo_file_perms;
|
|
allow dhcpd_t self:tcp_socket { accept listen };
|