From: dominick.grift@gmail.com (grift)
Date: Mon, 17 Dec 2012 21:38:23 +0100
Subject: [refpolicy] [PATCH 8/9] Allow capability block_suspend to
 system_dbusd_t
In-Reply-To: <1355774297-13606-8-git-send-email-bigon@debian.org>
References: <1355774297-13606-1-git-send-email-bigon@debian.org>
	<1355774297-13606-8-git-send-email-bigon@debian.org>
Message-ID: <1355776703.2269.13.camel@localhost>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2012-12-17 at 20:58 +0100, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 
> ---
>  dbus.te |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/dbus.te b/dbus.te
> index 2ed2d6e..c418ebb 100644
> --- a/dbus.te
> +++ b/dbus.te
> @@ -57,6 +57,7 @@ ifdef(`enable_mls',`
>  #
>  
>  allow system_dbusd_t self:capability { sys_resource dac_override setgid setpcap setuid };
> +allow system_dbusd_t self:capability2 block_suspend;
>  dontaudit system_dbusd_t self:capability sys_tty_config;
>  allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap setrlimit };
>  allow system_dbusd_t self:fifo_file rw_fifo_file_perms;

I am not confident about this.
Do you stil have the avc denial of this event?