Add CAP_NET_ADMIN and CAP_NET_RAW to xtables-muti for nether

author jooseong lee <jooseong.lee@samsung.com>

Wed, 23 Nov 2016 01:23:15 +0000 (10:23 +0900)

committer jooseong lee <jooseong.lee@samsung.com>

Wed, 23 Nov 2016 01:28:07 +0000 (10:28 +0900)
author jooseong lee <jooseong.lee@samsung.com>
Wed, 23 Nov 2016 01:23:15 +0000 (10:23 +0900)
committer jooseong lee <jooseong.lee@samsung.com>
Wed, 23 Nov 2016 01:28:07 +0000 (10:28 +0900)
diff --git a/config/set_capability b/config/set_capability

index e29d7cf4106918c3d4ff24ecfcaa7b9e78c9c8c9..0d6d0fe0ad9433527188ec0af651bc8b50b801fb 100755 (executable)
--- a/config/set_capability
+++ b/config/set_capability
@@ -336,3 +336,14 @@ fi
  if [ -e "/usr/bin/data-provider-master" ]
  then /usr/sbin/setcap cap_dac_override=eip /usr/bin/data-provider-master
  fi
+
+# Package               platform/upstream/iptables
+# Owner                 Jooseong Lee(jooseong.lee@samsung.com)
+# Date                  Nov 23, 2016
+# Required              cap_net_admin, cap_net_raw
+# cap_net_admin         to work netfilter on nether
+# cap_net_raw           to restore firewall on nether
+
+if [ -e "/usr/sbin/xtables-multi" ]
+then /usr/sbin/setcap cap_net_admin,cap_net_raw=ei /usr/sbin/xtables-multi
+fi
author	jooseong lee <jooseong.lee@samsung.com>
	Wed, 23 Nov 2016 01:23:15 +0000 (10:23 +0900)
committer	jooseong lee <jooseong.lee@samsung.com>
	Wed, 23 Nov 2016 01:28:07 +0000 (10:28 +0900)