# List of files that get special attribute labeling

# Network related utilities
cap_net_admin=pe	/usr/sbin/ethtool
cap_net_admin=pe	/sbin/tc
cap_net_admin=pe	/bin/ip
cap_net_admin=pe	/sbin/iptables
cap_net_admin=pe	/sbin/ip6tables
cap_net_admin=pe	/sbin/ipset
cap_net_admin=pe	/usr/sbin/conntrack
cap_net_admin=pe	/usr/sbin/arp
cap_net_admin=pe	/usr/sbin/brctl

# Raw sockets
cap_net_raw=pe	/usr/bin/tshark
cap_net_raw=pe	/usr/sbin/tcpdump
cap_net_raw=pe	/bin/ping
cap_net_raw=pe	/bin/ping6

# Special case to allow command login
cap_audit_write=pe /bin/vbash

# Allow changes to system settings
cap_sys_admin=pe /sbin/sysctl

# Module install
cap_sys_module=pe /sbin/modprobe

# Set time
cap_sys_time=pe	/bin/date
cap_sys_time=pe /usr/sbin/ntpdate