23 lines
955 B
Diff
23 lines
955 B
Diff
From d9ae9be30d67166caf9c5d6d3e0757317e5b49b9 Mon Sep 17 00:00:00 2001
|
|
From: Nikola Knazekova <nknazeko@redhat.com>
|
|
Date: Thu, 27 Oct 2022 14:22:31 +0200
|
|
Subject: [PATCH] Allow lldpad bpf capability to run bpf programs
|
|
|
|
Resolves: rhbz#2134827
|
|
---
|
|
policy/modules/contrib/lldpad.te | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/policy/modules/contrib/lldpad.te b/policy/modules/contrib/lldpad.te
|
|
index 075893cb9d..ffe3796484 100644
|
|
--- a/policy/modules/contrib/lldpad.te
|
|
+++ b/policy/modules/contrib/lldpad.te
|
|
@@ -27,6 +27,7 @@ systemd_mount_dir(lldpad_var_run_t)
|
|
#
|
|
allow lldpad_t self:capability { chown dac_override fowner fsetid kill net_admin net_raw setgid setuid sys_chroot sys_resource };
|
|
dontaudit lldpad_t self:capability { sys_admin };
|
|
+allow lldpad_t self:capability2 bpf;
|
|
allow lldpad_t self:shm create_shm_perms;
|
|
allow lldpad_t self:fifo_file rw_fifo_file_perms;
|
|
allow lldpad_t self:unix_stream_socket { accept connectto listen };
|