From: russell@coker.com.au (Russell Coker)
Date: Wed, 28 Dec 2016 21:57:02 +1100
Subject: [refpolicy] rpcbind capability net_admin
Message-ID: <20315667.5eyMeXpxtq@russell.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

rpcbind is asking for net_admin capability, but it appears to work without it.
Why does it ask for it?

Below is what capability.h claims CAP_NET_ADMIN provides. Would it be setting
a debug option or setting the TOS?

/* Allow interface configuration */
/* Allow administration of IP firewall, masquerading and accounting */
/* Allow setting debug option on sockets */
/* Allow modification of routing tables */
/* Allow setting arbitrary process / process group ownership on sockets */
/* Allow binding to any address for transparent proxying (also via NET_RAW) */
/* Allow setting TOS (type of service) */
/* Allow setting promiscuous mode */
/* Allow clearing driver statistics */
/* Allow multicasting */
/* Allow read/write of device-specific registers */
/* Allow activation of ATM control sockets */

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/