Allow mptcpd the net_admin capability

dcaratti · zpytela · commit 9104418d6c68 · 2025-06-09T17:23:25.000+02:00
mptcpd needs CAP_NET_ADMIN [1] to configure endpoint/subflows in the kernel: update mptcpd.te accordingly. [1] https://github.com/multipath-tcp/mptcpd Signed-off-by: Davide Caratti <davide.caratti@gmail.com> Resolves: RHEL-81729
diff --git a/policy/modules/contrib/mptcpd.te b/policy/modules/contrib/mptcpd.te
@@ -17,6 +17,8 @@ files_config_file(mptcpd_etc_t)
 #
 # mptcpd local policy
 #
+
+allow mptcpd_t self:capability net_admin;
 allow mptcpd_t self:fifo_file rw_fifo_file_perms;
 allow mptcpd_t self:netlink_generic_socket create_socket_perms;
 allow mptcpd_t self:netlink_route_socket r_netlink_socket_perms;

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ files_config_file(mptcpd_etc_t)`
`17`	`17`	`#`
`18`	`18`	`# mptcpd local policy`
`19`	`19`	`#`
	`20`	`+`
	`21`	`+allow mptcpd_t self:capability net_admin;`
`20`	`22`	`allow mptcpd_t self:fifo_file rw_fifo_file_perms;`
`21`	`23`	`allow mptcpd_t self:netlink_generic_socket create_socket_perms;`
`22`	`24`	`allow mptcpd_t self:netlink_route_socket r_netlink_socket_perms;`