dovecot & cap_net_admin capability
Michal Hlavinka
mhlavink at redhat.com
Tue Jun 20 14:18:33 EEST 2017
Hi,
we've seen SELinux reports from our users that dovecot tried to use
something that needs CAP_NET_ADMIN capability. Before enabling it, we
would like to know where it originated from. I've checked the sources,
but was not able to find anything that would require this capability. Do
you know for what it is used?
CAP_NET_ADMIN
Perform various network-related operations:
* interface configuration;
* administration of IP firewall, masquerading, and accounting;
* modify routing tables;
* bind to any address for transparent proxying "IP_TRANSPARENT";
* set type-of-service (TOS) "IP_TOS"
* clear driver statistics;
* set promiscuous mode;
* enabling multicasting;
* use setsockopt(2) to set the following socket options:
SO_DEBUG, SO_MARK, SO_PRIORITY (for a priority outside the range 0 to
6),SO_RCVBUFFORCE, and SO_SNDBUFFORCE
Cheers,
Michal Hlavinka
More information about the dovecot
mailing list