https://bugzilla.redhat.com/show_bug.cgi?id=2088450
Petr Menšík pemensik@redhat.com changed:
What  |Removed                        |Added
----------------------------------------------------------------------------
Flags |needinfo?(pemensik@redhat.com) |
--- Comment #14 from Petr Menšík pemensik@redhat.com ---
What you refer to is covered by capabilities CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH, which are NOT granted to services on Fedora. Systemd just does not grant those capabilities even to services running under root. Do I understand it well that this is a limitation of the sysrepo package and not directly in netopeer2?
I have found a reference [1], but they are described in man 7 capabilities. I think this might be a blocker, I will have to ask someone smarter what the guidelines are for similar services. Perhaps I have to read a bit more about sysrepo, what it does and how.
1. in https://fedoraproject.org/wiki/SELinux/Unsound_or_dangerous_SELinux_policy_p...