blob: 05923e036ec34af7f6c8218b66a0105c6b12a085 (
plain)
1
2
3
4
5
6
7
8
9
|
# Drop (user, group) to (nobody, nobody)
allow servicemanager self:capability { setuid setgid dac_override setpcap net_raw };
allow servicemanager init:dir search;
allow servicemanager init:file { read open };
allow servicemanager init:process getattr;
#HACK allow servicemanager init_shell:dir search;
#HACK allow servicemanager init_shell:file { read open };
#HACK allow servicemanager init_shell:process getattr;
|
