allow hal_bootctl_default self:capability sys_admin;