Skip to content
Snippets Groups Projects
Commit b5b1e811 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "netd dontaudit fsetid"

parents 93fd6f0a 8d200817
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 3 deletions
netd.te
+ 2
3
View file @ b5b1e811
...@@ -11,9 +11,8 @@ allow netd self:capability { net_admin net_raw kill }; ...@@ -11,9 +11,8 @@ allow netd self:capability { net_admin net_raw kill };
# than one of the groups assigned to the current process to see if # than one of the groups assigned to the current process to see if
# the setgid bit should be cleared, regardless of whether the setgid # the setgid bit should be cleared, regardless of whether the setgid
# bit was even set. We do not appear to truly need this capability # bit was even set. We do not appear to truly need this capability
# for netd to operate. Uncomment the dontaudit rule below after # for netd to operate.
# sufficient testing of the fsetid removal. dontaudit netd self:capability fsetid;
# dontaudit netd self:capability fsetid;
allow netd self:netlink_kobject_uevent_socket create_socket_perms; allow netd self:netlink_kobject_uevent_socket create_socket_perms;
allow netd self:netlink_route_socket nlmsg_write; allow netd self:netlink_route_socket nlmsg_write;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment