racoon: Explicitly request CAP_NET_BIND_SERVICE, CAP_NET_RAW.
'racoon' was not explicitly requesting these capabilities. Add them. This makes racoon's requested capabilities match its SELinux policy. With racoon explicitly requesting all its capabilities, we can start it as user 'vpn'. Bug: 34744732 Test: 'start racoon', 'cat /proc/`pgrep racoon`/status'. Test: "Uid" lines show 'vpn' uid (1016). Test: "Cap" lines show correct mask: 0000000000003400 Change-Id: Ic3823de600a0b7dba9024346e17567e404a01a91
Loading
Please sign in to comment