From: bigon@debian.org (Laurent Bigonville)
Date: Mon, 17 Dec 2012 20:58:13 +0100
Subject: [refpolicy] [PATCH 5/9] Allow pcscd the fsetid capability
In-Reply-To: <1355774297-13606-1-git-send-email-bigon@debian.org>
References: <1355774297-13606-1-git-send-email-bigon@debian.org>
Message-ID: <1355774297-13606-5-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

---
 pcscd.te |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pcscd.te b/pcscd.te
index b7b82ab..5e44a7b 100644
--- a/pcscd.te
+++ b/pcscd.te
@@ -21,7 +21,7 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd")
 # Local policy
 #
 
-allow pcscd_t self:capability { dac_override dac_read_search };
+allow pcscd_t self:capability { dac_override dac_read_search fsetid };
 allow pcscd_t self:process signal;
 allow pcscd_t self:fifo_file rw_fifo_file_perms;
 allow pcscd_t self:unix_stream_socket { accept listen };
-- 
1.7.10.4