# List of files that get special attribute labeling

# Network related utilities
cap_net_admin=pe	/sbin/ethtool
cap_net_admin=pe	/sbin/tc
cap_net_admin=pe	/bin/ip
# handles /sbin/iptables and /sbin/ip6tables symlink target
cap_net_admin=pe	/sbin/xtables-multi
cap_net_admin=pe	/usr/sbin/ipset
cap_net_admin=pe	/usr/sbin/conntrack
cap_net_admin=pe	/usr/sbin/arp
cap_net_admin=pe	/sbin/brctl

# Raw sockets
cap_net_raw=pe	/usr/sbin/tcpdump
cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

# Allow changes to system settings
cap_net_admin,cap_sys_admin=pe /sbin/sysctl

# Module install
cap_sys_module=pe /bin/kmod

# Set time
cap_sys_time=pe	/bin/date
cap_sys_time=pe /usr/sbin/ntpdate