Merge branch 'larkspur' of http://git.vyatta.com/vyatta-cfg-system into larkspur

author: Michael Larson <slioch@slioch.vyatta.com> 2010-06-21 11:09:51 -0700
committer: Michael Larson <slioch@slioch.vyatta.com> 2010-06-21 11:09:51 -0700
commit: d801c05f63b0b16f485b176db64e3147ad7d3086 (patch)
tree: 9829f0bf340a55986aa6d11f1b1d8d5334306abd /sysconf/filecaps
parent: 6d59b5077ef1834379a950437b01d15d687c7a53 (diff)
parent: 7369bf61abd3eed1fdd17a56908cf2c0ffc9843f (diff)
download: vyatta-cfg-system-d801c05f63b0b16f485b176db64e3147ad7d3086.tar.gz
vyatta-cfg-system-d801c05f63b0b16f485b176db64e3147ad7d3086.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/sysconf/filecaps b/sysconf/filecaps
new file mode 100644
index 00000000..1e06c0e8
--- /dev/null
+++ b/sysconf/filecaps
@@ -0,0 +1,26 @@
+# List of files that get special attribute labeling
+
+# Network related utilities
+cap_net_admin=pe	/usr/sbin/ethtool
+cap_net_admin=pe	/sbin/tc
+cap_net_admin=pe	/bin/ip
+cap_net_admin=pe	/sbin/iptables
+cap_net_admin=pe	/sbin/ip6tables
+cap_net_admin=pe/	/usr/sbin/ipset
+cap_net_admin=pe	/usr/sbin/conntrack
+cap_net_admin=pe	/usr/sbin/arp
+cap_net_admin=pe	/usr/sbin/brctl
+
+# Raw sockets
+cap_net_raw=pe	/usr/bin/tshark
+cap_net_raw=pe	/usr/sbin/tcpdump
+
+# Allow changes to system settings
+cap_sys_admin=pe /sbin/sysctl
+
+# Module install
+cap_sys_module=pe /sbin/modprobe
+
+# Set time
+cap_sys_time=pe	/bin/date
+cap_sys_time=pe /usr/sbin/ntpdate
author	Michael Larson <slioch@slioch.vyatta.com>	2010-06-21 11:09:51 -0700
committer	Michael Larson <slioch@slioch.vyatta.com>	2010-06-21 11:09:51 -0700
commit	d801c05f63b0b16f485b176db64e3147ad7d3086 (patch)
tree	9829f0bf340a55986aa6d11f1b1d8d5334306abd /sysconf/filecaps
parent	6d59b5077ef1834379a950437b01d15d687c7a53 (diff)
parent	7369bf61abd3eed1fdd17a56908cf2c0ffc9843f (diff)
download	vyatta-cfg-system-d801c05f63b0b16f485b176db64e3147ad7d3086.tar.gz vyatta-cfg-system-d801c05f63b0b16f485b176db64e3147ad7d3086.zip