From 1232a50c5f7efc77ed1c4a255a04c6c9b8d57194 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Dec 18 2009 15:45:09 +0000
Subject: Prelude patch from Dan Walsh.


---

diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te
index 96803ae..e5a2fc2 100644
--- a/policy/modules/services/prelude.te
+++ b/policy/modules/services/prelude.te
@@ -1,5 +1,5 @@
 
-policy_module(prelude, 1.1.0)
+policy_module(prelude, 1.1.1)
 
 ########################################
 #
@@ -122,7 +122,9 @@ optional_policy(`
 #
 # prelude_audisp local policy
 #
-allow prelude_audisp_t self:capability dac_override;
+
+allow prelude_audisp_t self:capability { dac_override ipc_lock setpcap };
+allow prelude_audisp_t self:process { getcap setcap };
 allow prelude_audisp_t self:fifo_file rw_file_perms;
 allow prelude_audisp_t self:unix_stream_socket create_stream_socket_perms;
 allow prelude_audisp_t self:unix_dgram_socket create_socket_perms;