On Thu, 2008-01-10 at 10:34 -0600, Serge E. Hallyn wrote: > The setfcap capability is needed to be allowed to assign file > capabilities. Define the capability in access_vectors. > > Of course I'll need to go through the modules and actually > assign the capability to those where it makes sense, i.e. > presumably admin/rpm.te... > > Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx> > --- > policy/flask/access_vectors | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors > index c986778..45d9773 100644 > --- a/policy/flask/access_vectors > +++ b/policy/flask/access_vectors > @@ -381,6 +381,7 @@ class capability > lease > audit_write > audit_control > + setfcap > } Merged. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
