Re: [ovs-dev] [PATCH v3 3/6] selinux: allow openvswitch_t net_broadcast and net_raw

On Fri, 1 Jun 2018 at 11:28, Aaron Conole wrote: > > The ovs-vswitchd daemon requires both CAP_NET_RAW and > CAP_NET_BROADCAST, but these are generally policy prevented by > selinux. This allows these capabilities to be retained by the > openvswitch_t domain. > > example: > > type=AVC msg=audit

[ovs-dev] [PATCH v3 3/6] selinux: allow openvswitch_t net_broadcast and net_raw

The ovs-vswitchd daemon requires both CAP_NET_RAW and CAP_NET_BROADCAST, but these are generally policy prevented by selinux. This allows these capabilities to be retained by the openvswitch_t domain. example: type=AVC msg=audit(1527876508.109:3043): avc: denied { net_broadcast } for pid=5