zygote requires setpcap in order to drop from its bounding set. (e468016b) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit e468016b authored 12 years ago by Stephen Smalley

zygote requires setpcap in order to drop from its bounding set.

I8560fa5ad125bf31f0d13be513431697bc7d22bb changed the zygote
to limit the bounding capability set to CAP_NET_RAW. This triggers
a CAP_SETPCAP check by the kernel, which requires SELinux setpcap permission.

Change-Id: Ib910d97dcf708273e2806e2824f4abe9fc239d6d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

parent 58b0fb6d

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 2 additions and 0 deletions

Please register or to comment