templates/kernelmanager.root: Adjust capabilities (#1948)

* Following capabilities are removed as not commonly used on Kernel Managers: - CAP_SYS_NICE - CAP_PERFMON - CAP_SYS_MODULE - CAP_SYS_RESOURCE * Added CAP_DAC_OVERRIDE to prevent read/write permission issues Signed-off-by: Rem01Gaming <Rem01_Gaming@proton.me>
2024-08-25 11:02:13 +07:00
parent 9a71bdf891
commit f4561e51a8
1 changed files with 2 additions and 5 deletions
--- a/website/docs/public/templates/kernelmanager.root
+++ b/website/docs/public/templates/kernelmanager.root
@@ -10,13 +10,10 @@
        "READPROC"
    ],
    "capabilities":[
-        "CAP_SYS_MODULE",
-        "CAP_SYS_NICE",
-        "CAP_SYS_RESOURCE",
        "CAP_KILL",
        "CAP_SYSLOG",
-        "CAP_PERFMON",
-        "CAP_SYS_BOOT"
+        "CAP_SYS_BOOT",
+        "CAP_DAC_OVERRIDE"
    ],
    "context":"u:r:su:s0",
    "namespace":"INHERITED",