From 729e928acddb046938f3b327fefa5662bdac88b7 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <shemminger@vyatta.com>
Date: Mon, 17 Oct 2011 10:36:08 -0700
Subject: allow rmmod without being root (with capability)

Set capability bit on more rmmod and more capabilities for sysctl
---
 sysconf/filecaps | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sysconf/filecaps b/sysconf/filecaps
index 163989b2..904b0938 100644
--- a/sysconf/filecaps
+++ b/sysconf/filecaps
@@ -16,10 +16,11 @@ cap_net_raw=pe	/usr/bin/tshark
 cap_net_raw=pe	/usr/sbin/tcpdump
 
 # Allow changes to system settings
-cap_sys_admin=pe /sbin/sysctl
+cap_net_admin,cap_sys_admin=pe /sbin/sysctl
 
 # Module install
 cap_sys_module=pe /sbin/modprobe
+cap_sys_module=pe /sbin/rmmod
 
 # Set time
 cap_sys_time=pe	/bin/date
-- 
cgit v1.2.3


From d1f64e253ba4049d5950adcf1e7e94d25078cca6 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <shemminger@vyatta.com>
Date: Mon, 17 Oct 2011 10:36:57 -0700
Subject: 0.19.123

---
 debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index e56c740d..cbe17504 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vyatta-cfg-system (0.19.123) unstable; urgency=low
+
+  * allow rmmod without being root (with capability)
+
+ -- Stephen Hemminger <shemminger@vyatta.com>  Mon, 17 Oct 2011 10:36:57 -0700
+
 vyatta-cfg-system (0.19.122) unstable; urgency=low
 
   * Bugfix 7551: Fix vlan address completion text
-- 
cgit v1.2.3