commit 081aa84d3809b64f3e7765abf13a9a90f1072ec8
Author: Nathan Scott <nathans@redhat.com>
Date:   Tue May 6 11:46:14 2025 +1000

    selinux: additional policy needed for pcp_pmie_t using ps(1)
    
    Resolves Fedora BZ 2363903.

diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
index a30144950..9cbd59bd2 100644
--- a/src/selinux/pcp.te
+++ b/src/selinux/pcp.te
@@ -247,7 +247,7 @@ optional_policy(`
 #
 # pcp_pmie local  policy
 #
-allow pcp_pmie_t self:capability { chown fsetid sys_ptrace };
+allow pcp_pmie_t self:capability { chown fsetid sys_admin sys_ptrace };
 allow pcp_pmie_t self:cap_userns sys_ptrace;
 allow pcp_pmie_t self:netlink_route_socket { create_socket_perms nlmsg_read };
 allow pcp_pmie_t self:unix_dgram_socket { create_socket_perms sendto };