selinux/passt.te: Allow setcap on the process itself

This is needed by the new functions in isolate.c, add the corresponding rule. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2024-06-30 15:02:40 +00:00 · 2023-02-21 18:06:05 +00:00 · 2023-02-21 18:06:05 +00:00 · 7d9150db0a
commit 7d9150db0a
parent 01801b131f
1 changed files with 1 additions and 0 deletions
--- a/contrib/selinux/passt.te
+++ b/contrib/selinux/passt.te
@ -90,6 +90,7 @@ allow passt_t user_devpts_t:chr_file { getattr read write ioctl };
 logging_send_syslog_msg(passt_t)
 allow syslogd_t self:cap_userns sys_ptrace;

+allow passt_t self:process setcap;
 allow passt_t self:capability { sys_tty_config setpcap net_bind_service };
 allow passt_t self:cap_userns { setpcap sys_admin sys_ptrace };