From: guido@trentalancia.net (Guido Trentalancia)
Date: Sat, 13 Aug 2016 15:26:42 +0200
Subject: [refpolicy] [PATCH v2] Update the rtkit module
In-Reply-To: <1470788169.2788.0.camel@trentalancia.net>
References: <1470788169.2788.0.camel@trentalancia.net>
Message-ID: <1471094802.21480.11.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Update the rtkit daemon module so that the daemon can be started.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/rtkit.te |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- refpolicy-git-06082016-orig/policy/modules/contrib/rtkit.te	2016-08-06 21:27:11.420095090 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/rtkit.te	2016-08-13 15:06:37.239716395 +0200
@@ -20,7 +20,7 @@ init_unit_file(rtkit_daemon_unit_t)
 # Local policy
 #
 
-allow rtkit_daemon_t self:capability { dac_read_search setuid sys_chroot setgid sys_nice sys_ptrace };
+allow rtkit_daemon_t self:capability { dac_read_search setgid setpcap setuid sys_chroot sys_nice sys_ptrace };
 allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
 
 kernel_read_system_state(rtkit_daemon_t)