From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 14 Apr 2017 01:24:58 +0200
Subject: [refpolicy] [PATCH 4/10] dbus: add process getcap permission
Message-ID: <1492125898.14193.42.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Update the dbus module with a new permission.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/dbus.te |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- refpolicy-2.20170204-orig/policy/modules/contrib/dbus.te	2017-02-04 19:30:39.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/dbus.te	2017-04-13 11:46:29.263364408 +0200
@@ -170,7 +171,7 @@ optional_policy(`
 #
 
 dontaudit session_bus_type self:capability sys_resource;
-allow session_bus_type self:process { getattr sigkill signal };
+allow session_bus_type self:process { getattr getcap sigkill signal };
 dontaudit session_bus_type self:process { ptrace setrlimit };
 allow session_bus_type self:file { getattr read write };
 allow session_bus_type self:fifo_file rw_fifo_file_perms;