22 lines
774 B
Diff
22 lines
774 B
Diff
commit 081aa84d3809b64f3e7765abf13a9a90f1072ec8
|
|
Author: Nathan Scott <nathans@redhat.com>
|
|
Date: Tue May 6 11:46:14 2025 +1000
|
|
|
|
selinux: additional policy needed for pcp_pmie_t using ps(1)
|
|
|
|
Resolves Fedora BZ 2363903.
|
|
|
|
diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
|
|
index a30144950..9cbd59bd2 100644
|
|
--- a/src/selinux/pcp.te
|
|
+++ b/src/selinux/pcp.te
|
|
@@ -247,7 +247,7 @@ optional_policy(`
|
|
#
|
|
# pcp_pmie local policy
|
|
#
|
|
-allow pcp_pmie_t self:capability { chown fsetid sys_ptrace };
|
|
+allow pcp_pmie_t self:capability { chown fsetid sys_admin sys_ptrace };
|
|
allow pcp_pmie_t self:cap_userns sys_ptrace;
|
|
allow pcp_pmie_t self:netlink_route_socket { create_socket_perms nlmsg_read };
|
|
allow pcp_pmie_t self:unix_dgram_socket { create_socket_perms sendto };
|