From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 10 Aug 2016 02:16:09 +0200
Subject: [refpolicy] [PATCH] Update the rtkit module
Message-ID: <1470788169.2788.0.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Update the rtkit daemon module so that the daemon can be started.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/rtkit.te |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/rtkit.te	2016-08-06 21:27:11.420095090 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/rtkit.te	2016-08-10 02:06:22.708084566 +0200
@@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
 # Local policy
 #
 
-allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
+allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid sys_chroot sys_nice sys_ptrace };
 allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
 
 kernel_read_system_state(rtkit_daemon_t)
@@ -37,6 +37,13 @@ logging_send_syslog_msg(rtkit_daemon_t)
 miscfiles_read_localization(rtkit_daemon_t)
 
 optional_policy(`
+	gen_require(`
+		type user_t;
+	')
+	rtkit_daemon_dbus_chat(user_t)
+')
+
+optional_policy(`
 	dbus_system_domain(rtkit_daemon_t, rtkit_daemon_exec_t)
 
 	optional_policy(`