commit: c27f6232c179a438d47547012ee3fb63d3ec320e
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Sat Aug 13 13:26:42 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:23:03 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c27f6232
Update the rtkit module
Update the rtkit daemon module so that the daemon can be started.
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/modules/contrib/rtkit.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/rtkit.te b/policy/modules/contrib/rtkit.te
index d6390c7..2e8ac03 100644
--- a/policy/modules/contrib/rtkit.te
+++ b/policy/modules/contrib/rtkit.te
@@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
# Local policy
#
-allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot
setgid sys_nice sys_ptrace };
+allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid
sys_chroot sys_nice sys_ptrace };
allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
kernel_read_system_state(rtkit_daemon_t)
