2016-12-28 10:57:02

by Russell Coker

Subject: [refpolicy] rpcbind capability net_admin

rpcbind is asking for net_admin capability, but it appears to work without it.
Why does it ask for it?

Below is what capability.h claims CAP_NET_ADMIN provides. Would it be setting
a debug option or setting the TOS?

/* Allow interface configuration */
/* Allow administration of IP firewall, masquerading and accounting */
/* Allow setting debug option on sockets */
/* Allow modification of routing tables */
/* Allow setting arbitrary process / process group ownership on
sockets */
/* Allow binding to any address for transparent proxying (also via NET_RAW) */
/* Allow setting TOS (type of service) */
/* Allow setting promiscuous mode */
/* Allow clearing driver statistics */
/* Allow multicasting */
/* Allow read/write of device-specific registers */
/* Allow activation of ATM control sockets */

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/