2020-04-11 03:25:43

by Russell Coker

[permalink] [raw]
Subject: what is cap_userns?

allow sysadm_t self:cap_userns sys_ptrace;

The above is from audit2allow. Do we need macros to grant all user domains
this sort of access?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/




2020-04-14 16:27:23

by Chris PeBenito

[permalink] [raw]
Subject: Re: what is cap_userns?

On 4/10/20 11:21 PM, Russell Coker wrote:
> allow sysadm_t self:cap_userns sys_ptrace;
>
> The above is from audit2allow. Do we need macros to grant all user domains
> this sort of access?

This is a capability in a user namespace.

--
Chris PeBenito