From: Miroslav Grepl <mgrepl@redhat.com>
Date: Mon, 11 Jul 2011 11:02:40 +0000 (+0000)
Subject: Allow dirsrvadmin sys_resource and setrlimit to use ulimit
X-Git-Tag: 000~732
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a462fcb60b17cc9eaca9da449c7064b6b72989b6;p=people%2Fstevee%2Fselinux-policy.git

Allow dirsrvadmin sys_resource and setrlimit to use ulimit
---

diff --git a/policy/modules/services/dirsrv-admin.te b/policy/modules/services/dirsrv-admin.te
index b7fc0069..52141201 100644
--- a/policy/modules/services/dirsrv-admin.te
+++ b/policy/modules/services/dirsrv-admin.te
@@ -21,7 +21,8 @@ files_tmp_file(dirsrvadmin_tmp_t)
 # Local policy for the daemon
 #
 allow dirsrvadmin_t self:fifo_file rw_fifo_file_perms;
-allow dirsrvadmin_t self:capability { dac_read_search dac_override sys_tty_config };
+allow dirsrvadmin_t self:capability { dac_read_search dac_override sys_tty_config sys_resource };
+allow dirsrvadmin_t self:process setrlimit;
 
 manage_files_pattern(dirsrvadmin_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
 manage_dirs_pattern(dirsrvadmin_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)