From 027923e5647f7f0d1ecbaa7fc4d03cbd193a1424 Mon Sep 17 00:00:00 2001
From: LuLuLu <1539327763@qq.com>
Date: Tue, 25 May 2021 20:06:29 +0800
Subject: [PATCH] Allow kdump_t net_admin capability

When reboot with kexec, kdump_t process needs net_admin capability to run ifdown.
---
 policy/modules/contrib/kdump.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/contrib/kdump.te b/policy/modules/contrib/kdump.te
index a253134..7e73c65 100644
--- a/policy/modules/contrib/kdump.te
+++ b/policy/modules/contrib/kdump.te
@@ -41,7 +41,7 @@ files_tmp_file(kdumpctl_tmp_t)
 # kdump local policy
 #
 
-allow kdump_t self:capability { sys_admin sys_boot dac_read_search  };
+allow kdump_t self:capability { sys_admin sys_boot dac_read_search net_admin };
 #allow kdump_t self:capability2 compromise_kernel;
 
 allow kdump_t self:udp_socket create_socket_perms;
-- 
1.8.3.1