# List of files that get special attribute labeling # Network related utilities cap_net_admin=pe /sbin/ethtool cap_net_admin=pe /sbin/tc cap_net_admin=pe /bin/ip # handles /sbin/iptables and /sbin/ip6tables symlink target cap_net_admin=pe /sbin/xtables-legacy-multi cap_net_admin=pe /sbin/xtables-nft-multi cap_net_admin=pe /usr/sbin/conntrack cap_net_admin=pe /usr/sbin/arp # Raw sockets cap_net_raw=pe /usr/bin/tcpdump # Allow changes to system settings cap_net_admin,cap_sys_admin=pe /sbin/sysctl # Module install cap_sys_module=pe /bin/kmod # Set time cap_sys_time=pe /bin/date cap_sys_time=pe /usr/sbin/ntpdate