From: guido@trentalancia.net (Guido Trentalancia) Date: Fri, 30 Dec 2016 19:59:47 +0100 Subject: [refpolicy] [PATCH 2/2] networkmanager: add new wake_alarm permission (capability2) In-Reply-To: <1483124342.3970.1.camel@trentalancia.net> References: <1483124342.3970.1.camel@trentalancia.net> Message-ID: <1483124387.3970.2.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Add the new wake_alarm permission from the capability2 class to the NetworkManager module. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/networkmanager.te | 1 + 1 file changed, 1 insertion(+) diff -pru a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te --- a/policy/modules/contrib/networkmanager.te 2016-12-22 23:12:59.388081821 +0100 +++ b/policy/modules/contrib/networkmanager.te 2016-12-30 19:51:25.794977833 +0100 @@ -44,6 +44,7 @@ init_system_domain(wpa_cli_t, wpa_cli_ex allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock }; dontaudit NetworkManager_t self:capability { sys_tty_config sys_module sys_ptrace }; +allow NetworkManager_t self:capability2 wake_alarm; allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms }; allow NetworkManager_t self:fifo_file rw_fifo_file_perms; allow NetworkManager_t self:unix_dgram_socket sendto;