From cbe0cbaa0612216dd81f08b900d622755fafe794 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Thu, 14 Jul 2011 18:32:49 +0000
Subject: [PATCH] Allow setsched for virsh

---
 policy/modules/services/virt.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index e137a51c..441810b8 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -609,8 +609,8 @@ init_system_domain(virsh_t, virsh_exec_t)
 typealias virsh_t alias xm_t;
 typealias virsh_exec_t alias xm_exec_t;
 
-allow virsh_t self:capability { setpcap setsched dac_override ipc_lock sys_tty_config };
-allow virsh_t self:process { getcap getsched setcap signal };
+allow virsh_t self:capability { setpcap dac_override ipc_lock sys_tty_config };
+allow virsh_t self:process { getcap getsched setsched setcap signal };
 allow virsh_t self:fifo_file rw_fifo_file_perms;
 allow virsh_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow virsh_t self:tcp_socket create_stream_socket_perms;
-- 
2.47.2