diff --git a/policy/modules/services/pyzor.if b/policy/modules/services/pyzor.if index 0059cc7d..7135cbea 100644 --- a/policy/modules/services/pyzor.if +++ b/policy/modules/services/pyzor.if @@ -28,7 +28,7 @@ interface(`pyzor_role',` # allow ps to show pyzor and allow the user to kill it ps_process_pattern($2, pyzor_t) - allow $2 pyzor_t:process signal; + allow $2 pyzor_t:process { ptrace signal_perms }; ') ######################################## diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if index 353bcae9..c4e778f0 100644 --- a/policy/modules/services/razor.if +++ b/policy/modules/services/razor.if @@ -131,7 +131,7 @@ interface(`razor_role',` # allow ps to show razor and allow the user to kill it ps_process_pattern($2, razor_t) - allow $2 razor_t:process signal; + allow $2 razor_t:process { ptrace signal_perms }; manage_dirs_pattern($2, razor_home_t, razor_home_t) manage_files_pattern($2, razor_home_t, razor_home_t)