From 1232a50c5f7efc77ed1c4a255a04c6c9b8d57194 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Fri, 18 Dec 2009 10:45:09 -0500
Subject: [PATCH] Prelude patch from Dan Walsh.

---
 policy/modules/services/prelude.te | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te
index 96803aeb4..e5a2fc288 100644
--- a/policy/modules/services/prelude.te
+++ b/policy/modules/services/prelude.te
@@ -1,5 +1,5 @@
 
-policy_module(prelude, 1.1.0)
+policy_module(prelude, 1.1.1)
 
 ########################################
 #
@@ -122,7 +122,9 @@ optional_policy(`
 #
 # prelude_audisp local policy
 #
-allow prelude_audisp_t self:capability dac_override;
+
+allow prelude_audisp_t self:capability { dac_override ipc_lock setpcap };
+allow prelude_audisp_t self:process { getcap setcap };
 allow prelude_audisp_t self:fifo_file rw_file_perms;
 allow prelude_audisp_t self:unix_stream_socket create_stream_socket_perms;
 allow prelude_audisp_t self:unix_dgram_socket create_socket_perms;