Mount usinging the curlftpfs will require sys_nice and setsched

author Dan Walsh <dwalsh@redhat.com>

Thu, 17 Nov 2011 21:31:16 +0000 (16:31 -0500)

committer Dan Walsh <dwalsh@redhat.com>

Thu, 17 Nov 2011 21:31:16 +0000 (16:31 -0500)
author Dan Walsh <dwalsh@redhat.com>
Thu, 17 Nov 2011 21:31:16 +0000 (16:31 -0500)
committer Dan Walsh <dwalsh@redhat.com>
Thu, 17 Nov 2011 21:31:16 +0000 (16:31 -0500)
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te

index f1121f7c428cac946fbc7c1abc6b303f9ef92607..b06d0482cf80b64556614c72a2692fb2c013128c 100644 (file)
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -47,8 +47,8 @@ role system_r types showmount_t;
  #
  
  # setuid/setgid needed to mount cifs 
-allow mount_t self:capability { fsetid fowner ipc_lock setpcap sys_rawio sys_resource sys_admin dac_override dac_read_search chown sys_tty_config setuid setgid };
-allow mount_t self:process { getcap getsched setcap setrlimit signal };
+allow mount_t self:capability { fsetid fowner ipc_lock setpcap sys_rawio sys_resource sys_admin dac_override dac_read_search chown sys_tty_config setuid setgid sys_nice };
+allow mount_t self:process { getcap getsched setsched setcap setrlimit signal };
  tunable_policy(`deny_ptrace',`',`
         allow mount_t self:process ptrace;
  ')
author	Dan Walsh <dwalsh@redhat.com>
	Thu, 17 Nov 2011 21:31:16 +0000 (16:31 -0500)
committer	Dan Walsh <dwalsh@redhat.com>
	Thu, 17 Nov 2011 21:31:16 +0000 (16:31 -0500)