sssd now needs sys_admin

diff --git a/policy/modules/services/sssd.te b/policy/modules/services/sssd.te
index eb8979dbd6c7b9352892a8fb6d3000453818b024..b698994722ee3235efab5be4bac6c75246588599 100644 (file)
--- a/policy/modules/services/sssd.te
+++ b/policy/modules/services/sssd.te
@@ -30,7 +30,7 @@ files_pid_file(sssd_var_run_t)
 # sssd local policy
 #
 
-allow sssd_t self:capability { chown dac_read_search dac_override kill net_admin sys_nice setgid setuid };
+allow sssd_t self:capability { chown dac_read_search dac_override kill net_admin sys_nice setgid setuid sys_admin };
 allow sssd_t self:process { setfscreate setsched sigkill signal getsched };
 allow sssd_t self:fifo_file rw_fifo_file_perms;
 allow sssd_t self:key manage_key_perms;