From 2361af56746e54c125c2f26c01b647efcb6ea403 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Tue, 13 Dec 2011 13:10:54 -0500
Subject: [PATCH] Seems chromium needs sys_ptrace for now, hopefully when we have the fixed kernel this will go away
---
 policy/modules/apps/chrome.te | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
index acb325cb..4a71739d 100644
--- a/policy/modules/apps/chrome.te
+++ b/policy/modules/apps/chrome.te
@@ -27,6 +27,10 @@ role system_r types chrome_sandbox_nacl_t;
 # chrome_sandbox local policy
 #
 allow chrome_sandbox_t self:capability { chown dac_override fsetid setgid setuid sys_admin sys_chroot };
+tunable_policy(`deny_ptrace',`',`
+ allow chrome_sandbox_t self:capability sys_ptrace;
+')
+
 allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack };
 allow chrome_sandbox_t self:process setsched;
 allow chrome_sandbox_t self:fifo_file manage_file_perms;
--
2.47.3
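Review bot: The `sys_ptrace` grant added in the else-branch of the `tunable_policy` block is described in the commit message as temporary, but nothing in chrome.te records that, so the rule is likely to outlive the kernel fix it is waiting for. Add a comment above the block, for example `# Temporary: chromium needs sys_ptrace until the kernel fix lands; remove this block afterwards.`, ideally with the tracking bug reference. chrome_sandbox_t already holds `sys_admin`, `setuid` and `dac_override` on the preceding line, so this widens an already powerful domain whenever `deny_ptrace` is off; which domains it can actually trace depends on `process ptrace` rules that are not visible in this hunk. With `deny_ptrace` enabled the empty first branch grants nothing, so the sandbox will presumably hit the same denial the commit is working around; confirm that this is the intended behaviour.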