[refpolicy] [PATCH 29/34]: patch to add sys_ptrace permission to the dbus module

Wed Feb 16 00:35:37 CST 2011

This patch adds self:capability sys_ptrace to the dbus module.

--- refpolicy-git-02022011-test-apply/policy/modules/services/dbus.te	2011-02-07 02:36:05.874787818 +0100
+++ refpolicy-git-02022011-test-apply2/policy/modules/services/dbus.te	2011-02-07 02:51:51.910683659 +0100
@@ -52,7 +52,7 @@ ifdef(`enable_mls',`
 
 # dac_override: /var/run/dbus is owned by messagebus on Debian
 # cjp: dac_override should probably go in a distro_debian
-allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
+allow system_dbusd_t self:capability { dac_override setgid setpcap setuid sys_ptrace };
 dontaudit system_dbusd_t self:capability sys_tty_config;
 allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap };
 allow system_dbusd_t self:fifo_file rw_fifo_file_perms;


