From: bigon@debian.org (Laurent Bigonville)
Date: Sat, 12 Jan 2013 22:32:29 +0100
Subject: [refpolicy] [PATCH 11/13] Add initrc_t to use block_suspend capability
In-Reply-To: <1358026351-12955-1-git-send-email-bigon@debian.org>
References: <1358026351-12955-1-git-send-email-bigon@debian.org>
Message-ID: <1358026351-12955-12-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville

This is needed by nm-dispatcher.action which is labeled as NetworkManager_initc_exec_t and is transitioned to initrc_t

--- policy/modules/system/init.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index dd3be8d..eb18638 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -226,6 +226,7 @@ optional_policy(` allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched }; allow initrc_t self:capability ~{ sys_admin sys_module }; +allow initrc_t self:capability2 block_suspend; dontaudit initrc_t self:capability sys_module; # sysctl is triggering this allow initrc_t self:passwd rootok; allow initrc_t self:key manage_key_perms; -- 1.7.10.4
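
Review bot: The added "allow initrc_t self:capability2 block_suspend;" line carries no comment saying what needs it, while the dontaudit rule right below it records its trigger inline ("# sysctl is triggering this"). The reason (nm-dispatcher.action running in initrc_t) exists only in the commit message, so a short trailing comment naming it would help anyone auditing init.te later. The rule also grants block_suspend to everything that runs as initrc_t rather than to the one script that needs it, so the message should say whether the denial actually breaks nm-dispatcher.action or whether a dontaudit would be enough.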