Allow setsched for virsh

author Miroslav Grepl <mgrepl@redhat.com>

Thu, 14 Jul 2011 18:32:49 +0000 (18:32 +0000)

committer Miroslav Grepl <mgrepl@redhat.com>

Thu, 14 Jul 2011 18:32:49 +0000 (18:32 +0000)
author Miroslav Grepl <mgrepl@redhat.com>
Thu, 14 Jul 2011 18:32:49 +0000 (18:32 +0000)
committer Miroslav Grepl <mgrepl@redhat.com>
Thu, 14 Jul 2011 18:32:49 +0000 (18:32 +0000)
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te

index e137a51c9cce6fdb8897bf48277e26f30f80ead5..441810b85e5a48e5eb96f7146bb0a79b614e8bea 100644 (file)
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -609,8 +609,8 @@ init_system_domain(virsh_t, virsh_exec_t)
  typealias virsh_t alias xm_t;
  typealias virsh_exec_t alias xm_exec_t;
  
-allow virsh_t self:capability { setpcap setsched dac_override ipc_lock sys_tty_config };
-allow virsh_t self:process { getcap getsched setcap signal };
+allow virsh_t self:capability { setpcap dac_override ipc_lock sys_tty_config };
+allow virsh_t self:process { getcap getsched setsched setcap signal };
  allow virsh_t self:fifo_file rw_fifo_file_perms;
  allow virsh_t self:unix_stream_socket { create_stream_socket_perms connectto };
  allow virsh_t self:tcp_socket create_stream_socket_perms;
author	Miroslav Grepl <mgrepl@redhat.com>
	Thu, 14 Jul 2011 18:32:49 +0000 (18:32 +0000)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Thu, 14 Jul 2011 18:32:49 +0000 (18:32 +0000)