From 7d05af77c3147d22b2e1b07867faf94a4c795335 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Dec 18 2009 15:39:36 +0000
Subject: Irqbalance patch from Dan Walsh.


---

diff --git a/policy/modules/services/irqbalance.te b/policy/modules/services/irqbalance.te
index c590eeb..254ba9e 100644
--- a/policy/modules/services/irqbalance.te
+++ b/policy/modules/services/irqbalance.te
@@ -1,5 +1,5 @@
 
-policy_module(irqbalance, 1.4.0)
+policy_module(irqbalance, 1.4.1)
 
 ########################################
 #
@@ -18,11 +18,10 @@ files_pid_file(irqbalance_var_run_t)
 # Local policy
 #
 
-allow irqbalance_t self:capability net_admin;
-allow irqbalance_t self:udp_socket create_socket_perms;
-
+allow irqbalance_t self:capability { setpcap net_admin };
 dontaudit irqbalance_t self:capability sys_tty_config;
-allow irqbalance_t self:process signal_perms;
+allow irqbalance_t self:process { getcap setcap signal_perms };
+allow irqbalance_t self:udp_socket create_socket_perms;
 
 manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
 files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)