From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 31 Dec 2012 23:52:25 +0100
Subject: [refpolicy] [PATCH 06/12] Grant sys_admin capability to puppet
In-Reply-To: <1356994351-29191-1-git-send-email-sven.vermeulen@siphos.be>
References: <1356994351-29191-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1356994351-29191-7-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
While gathering information, puppet invokes lspci, which requires the sys_admin capability.
Signed-off-by: Sven Vermeulen
---
 puppet.te | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/puppet.te b/puppet.te
index f3f1c1f..5a256e3 100644
--- a/puppet.te
+++ b/puppet.te
@@ -58,7 +58,7 @@ files_tmp_file(puppetmaster_tmp_t)
 # Local policy
 #
-allow puppet_t self:capability { chown fowner fsetid setuid setgid dac_override sys_nice sys_tty_config };
+allow puppet_t self:capability { chown fowner fsetid setuid setgid dac_override sys_admin sys_nice sys_tty_config };
 allow puppet_t self:process { signal signull getsched setsched };
 allow puppet_t self:fifo_file rw_fifo_file_perms;
 allow puppet_t self:netlink_route_socket nlmsg_write;
--
1.7.8.6
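Review bot: The added `sys_admin` in the `allow puppet_t self:capability { … }` line gives the whole puppet_t domain one of the broadest Linux capabilities, while the description names only lspci, run while gathering information, as needing it. Since the grant is on puppet_t itself, lspci presumably runs without a domain transition, so every process in that domain would hold the capability and not just the helper. If lspci merely reports less detail without it (worth confirming, as the page does not say whether the call fails outright), `dontaudit puppet_t self:capability sys_admin;` would silence the denial without widening the domain. If the allow stays, a comment above it such as `# sys_admin is needed by lspci, which puppet runs while gathering information` would keep the reason visible for later policy audits.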