From e623c10ab41ee4187fc43e9a7a832b1c8c6e0527 Mon Sep 17 00:00:00 2001
From: Anthony Rabbito <hello@anthonyrabbito.com>
Date: Sun, 3 Sep 2023 12:15:59 -0400
Subject: feat(T5544): Allow CAP_SYS_MODULE to be set on containers

Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
---
 interface-definitions/container.xml.in | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'interface-definitions/container.xml.in')

diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 6b712a70f..9d8b1e057 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -25,7 +25,7 @@
             <properties>
               <help>Container capabilities/permissions</help>
               <completionHelp>
-                <list>net-admin net-bind-service net-raw setpcap sys-admin sys-time</list>
+                <list>net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-time</list>
               </completionHelp>
               <valueHelp>
                 <format>net-admin</format>
@@ -47,12 +47,16 @@
                 <format>sys-admin</format>
                 <description>Administation operations (quotactl, mount, sethostname, setdomainame)</description>
               </valueHelp>
+              <valueHelp>
+                <format>sys-module</format>
+                <description>Load and unload kernel modules</description>
+              </valueHelp>
               <valueHelp>
                 <format>sys-time</format>
                 <description>Permission to set system clock</description>
               </valueHelp>
               <constraint>
-                <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-time)</regex>
+                <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-time)</regex>
               </constraint>
               <multi/>
             </properties>
-- 
cgit v1.2.3