Allow smbd_t sys_chroot capability

diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index ef1edc616ee9598bc6004e5be25deb5ab9631cd4..b93119440f999f29f4d16e9ba1ace0f17efdc7a9 100644 (file)
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -228,7 +228,7 @@ optional_policy(`
 #
 # smbd Local policy
 #
-allow smbd_t self:capability { chown fowner kill setgid setuid sys_nice sys_admin sys_resource lease dac_override dac_read_search };
+allow smbd_t self:capability { chown fowner kill setgid setuid sys_chroot sys_nice sys_admin sys_resource lease dac_override dac_read_search };
 dontaudit smbd_t self:capability sys_tty_config;
 allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
 allow smbd_t self:process setrlimit;