Commit c15a82ae authored by Jorge Lucangeli Obes's avatar Jorge Lucangeli Obes
Browse files

racoon: Explicitly request CAP_NET_BIND_SERVICE, CAP_NET_RAW.

'racoon' was not explicitly requesting these capabilities. Add them.
This makes racoon's requested capabilities match its SELinux policy.
With racoon explicitly requesting all its capabilities, we can start
it as user 'vpn'.

Bug: 34744732
Test: 'start racoon', 'cat /proc/`pgrep racoon`/status'.
Test: "Uid" lines show 'vpn' uid (1016).
Test: "Cap" lines show correct mask: 0000000000003400
Change-Id: Ic3823de600a0b7dba9024346e17567e404a01a91
parent 1317baff
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment