23 lines
960 B
Diff
23 lines
960 B
Diff
From f7ee387e69162a3e82cb328d42e6e308aa1ad752 Mon Sep 17 00:00:00 2001
|
|
From: Nikola Knazekova <nknazeko@redhat.com>
|
|
Date: Thu, 27 Oct 2022 14:21:32 +0200
|
|
Subject: [PATCH] Allow keepalived bpf capability to run bpf programs
|
|
|
|
Resolves: rhbz#2134827
|
|
---
|
|
policy/modules/contrib/keepalived.te | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/policy/modules/contrib/keepalived.te b/policy/modules/contrib/keepalived.te
|
|
index 0879eeb4ec..ff0b498188 100644
|
|
--- a/policy/modules/contrib/keepalived.te
|
|
+++ b/policy/modules/contrib/keepalived.te
|
|
@@ -38,6 +38,7 @@ files_tmpfs_file(keepalived_tmpfs_t)
|
|
#
|
|
|
|
allow keepalived_t self:capability { net_admin net_raw kill dac_read_search setuid setgid sys_admin sys_nice sys_ptrace };
|
|
+allow keepalived_t self:capability2 bpf;
|
|
allow keepalived_t self:process { signal_perms getpgid setpgid setsched };
|
|
allow keepalived_t self:icmp_socket create_socket_perms;
|
|
allow keepalived_t self:netlink_socket create_socket_perms;
|