On Fri, 1 Jun 2018 at 11:28, Aaron Conole wrote:
>
> The ovs-vswitchd daemon requires both CAP_NET_RAW and
> CAP_NET_BROADCAST, but these are generally policy prevented by
> selinux. This allows these capabilities to be retained by the
> openvswitch_t domain.
>
> example:
>
> type=AVC msg=audit
The ovs-vswitchd daemon requires both CAP_NET_RAW and
CAP_NET_BROADCAST, but these are generally policy prevented by
selinux. This allows these capabilities to be retained by the
openvswitch_t domain.
example:
type=AVC msg=audit(1527876508.109:3043): avc: denied {
net_broadcast } for pid=5