Allow dirsrvadmin sys_resource and setrlimit to use ulimit

diff --git a/policy/modules/services/dirsrv-admin.te b/policy/modules/services/dirsrv-admin.te
index b7fc0069ce4aca38ee5b5f45043778a1711d3578..521412018965d4ae03fce1bb1d2a89b5b04712d0 100644 (file)
--- a/policy/modules/services/dirsrv-admin.te
+++ b/policy/modules/services/dirsrv-admin.te
@@ -21,7 +21,8 @@ files_tmp_file(dirsrvadmin_tmp_t)
 # Local policy for the daemon
 #
 allow dirsrvadmin_t self:fifo_file rw_fifo_file_perms;
-allow dirsrvadmin_t self:capability { dac_read_search dac_override sys_tty_config };
+allow dirsrvadmin_t self:capability { dac_read_search dac_override sys_tty_config sys_resource };
+allow dirsrvadmin_t self:process setrlimit;
 
 manage_files_pattern(dirsrvadmin_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
 manage_dirs_pattern(dirsrvadmin_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)