Merge "grant bpfloader CAP_CHOWN"

2020-02-14 21:19:16 +00:00 · 2020-02-14 21:19:16 +00:00 · 1d896ff5e5
commit 1d896ff5e5
parent b4d3c575b3 1189fac418
1 changed files with 1 additions and 1 deletions
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@ -12,7 +12,7 @@ allow bpfloader devpts:chr_file { read write };
 # for retrieving a pinned map when bpfloader do a run time restart.
 allow bpfloader self:bpf { prog_load prog_run map_read map_write map_create };

-allow bpfloader self:global_capability_class_set sys_admin;
+allow bpfloader self:capability { chown sys_admin };

 ###
 ### Neverallow rules