From c51b772d2f49f13c19c87d2ad0cf9f3bdf87e05d Mon Sep 17 00:00:00 2001
From: Chris PeBenito <pebenito@ieee.org>
Date: Sat, 5 Aug 2017 12:15:02 -0400
Subject: [PATCH] Add cgroup_seclabel policycap.

---
 policy/policy_capabilities | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/policy/policy_capabilities b/policy/policy_capabilities
index 4f2a97afb..a6987a44d 100644
--- a/policy/policy_capabilities
+++ b/policy/policy_capabilities
@@ -84,6 +84,13 @@ policycap open_perms;
 #
 policycap extended_socket_class;
 
+# Enable fine-grained labeling of cgroup and cgroup2 filesystems.
+# Requires Linux v4.11 and later.
+#
+# Added checks:
+# (none)
+#policycap cgroup_seclabel;
+
 # Enable NoNewPrivileges support.  Requires libsepol 2.7+
 # and kernel 4.14 (estimated).
 #