From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 30 Dec 2016 19:59:47 +0100
Subject: [refpolicy] [PATCH 2/2] networkmanager: add new wake_alarm
 permission (capability2)
In-Reply-To: <1483124342.3970.1.camel@trentalancia.net>
References: <1483124342.3970.1.camel@trentalancia.net>
Message-ID: <1483124387.3970.2.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Add the new wake_alarm permission from the capability2 class
to the NetworkManager module.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/networkmanager.te |    1 +
 1 file changed, 1 insertion(+)

diff -pru a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te
--- a/policy/modules/contrib/networkmanager.te	2016-12-22 23:12:59.388081821 +0100
+++ b/policy/modules/contrib/networkmanager.te	2016-12-30 19:51:25.794977833 +0100
@@ -44,6 +44,7 @@ init_system_domain(wpa_cli_t, wpa_cli_ex
 
 allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock };
 dontaudit NetworkManager_t self:capability { sys_tty_config sys_module sys_ptrace };
+allow NetworkManager_t self:capability2 wake_alarm;
 allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
 allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
 allow NetworkManager_t self:unix_dgram_socket sendto;