#
allow consolekit_t self:capability { chown setuid setgid sys_tty_config dac_override sys_nice };
+tunable_policy(`deny_ptrace',`',`
+ allow consolekit_t self:capability sys_ptrace;
+')
allow consolekit_t self:process { getsched signal };
allow consolekit_t self:fifo_file rw_fifo_file_perms;
#
allow policykit_t self:capability { dac_override dac_read_search setgid setuid };
+tunable_policy(`deny_ptrace',`',`
+ allow policykit_t self:capability sys_ptrace;
+')
+
allow policykit_t self:process { getscheda signal };
allow policykit_t self:unix_dgram_socket create_socket_perms;
allow policykit_t self:unix_stream_socket { create_stream_socket_perms connectto };