From: russell@coker.com.au (Russell Coker)
Date: Wed, 28 Dec 2016 21:57:02 +1100
Subject: [refpolicy] rpcbind capability net_admin
Message-ID: <20315667.5eyMeXpxtq@russell.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

rpcbind is asking for net_admin capability, but it appears to work without it.  
Why does it ask for it?

Below is what capability.h claims CAP_NET_ADMIN provides.  Would it be setting 
a debug option or setting the TOS?

/* Allow interface configuration */
/* Allow administration of IP firewall, masquerading and accounting */
/* Allow setting debug option on sockets */
/* Allow modification of routing tables */
/* Allow setting arbitrary process / process group ownership on
   sockets */
/* Allow binding to any address for transparent proxying (also via NET_RAW) */
/* Allow setting TOS (type of service) */
/* Allow setting promiscuous mode */
/* Allow clearing driver statistics */
/* Allow multicasting */
/* Allow read/write of device-specific registers */
/* Allow activation of ATM control sockets */

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/