Diffstat (limited to 'sysconf/filecaps')
-rw-r--r--sysconf/filecaps31
1 files changed, 31 insertions, 0 deletions
diff --git a/sysconf/filecaps b/sysconf/filecaps
new file mode 100644
index 00000000..80730334
--- /dev/null
+++ b/sysconf/filecaps
@@ -0,0 +1,31 @@
+# List of files that get special attribute labeling
+
+# Network related utilities
+cap_net_admin=pe /usr/sbin/ethtool
+cap_net_admin=pe /sbin/tc
+cap_net_admin=pe /bin/ip
+cap_net_admin=pe /sbin/iptables
+cap_net_admin=pe /sbin/ip6tables
+cap_net_admin=pe /sbin/ipset
+cap_net_admin=pe /usr/sbin/conntrack
+cap_net_admin=pe /usr/sbin/arp
+cap_net_admin=pe /usr/sbin/brctl
+
+# Raw sockets
+cap_net_raw=pe /usr/bin/tshark
+cap_net_raw=pe /usr/sbin/tcpdump
+cap_net_raw=pe /bin/ping
+cap_net_raw=pe /bin/ping6
+
+# Special case to allow command login
+cap_audit_write=pe /bin/vbash
+
+# Allow changes to system settings
+cap_sys_admin=pe /sbin/sysctl
+
+# Module install
+cap_sys_module=pe /sbin/modprobe
+
+# Set time
+cap_sys_time=pe /bin/date
+cap_sys_time=pe /usr/sbin/ntpdate
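Review bot: `cap_sys_module=pe /sbin/modprobe` and `cap_sys_admin=pe /sbin/sysctl` place the capability in the file's permitted and effective sets, so every account that can execute those binaries can load kernel modules or change any sysctl, which is close to root-equivalent; the `cap_net_admin` and `cap_sys_time` entries carry the same property with a smaller blast radius. Nothing in this file shows who may execute the listed paths, so if access is meant to be limited to an operator group, it should be enforced through ownership and mode (group-owned, not world-executable) and stated in the header, e.g. `# =pe applies to every user who can execute the file; listed binaries must be executable only by the trusted operator group`. The `cap_net_raw=pe /usr/bin/tshark` line is also worth verifying: tshark normally delegates capture to dumpcap, and a file capability without inheritable or ambient bits is presumably not carried across that exec, so the capability may belong on dumpcap instead, which also keeps the protocol dissectors unprivileged.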