From c4ea6cc59439e2608cdaf3bede351fafe7f37a9b Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 23 Aug 2014 13:35:50 +0200
Subject: [PATCH] Add ioctl and lock to manage_lnk_file_perms

manage_lnk_file_perms permission is expected to be larger than
write_lnk_file_perms and therefore include ioctl and lock.
---
 policy/support/obj_perm_sets.spt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index 6e9131723..27294ea22 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -179,7 +179,7 @@ define(`rw_lnk_file_perms',`{ getattr read write lock ioctl }')
 define(`create_lnk_file_perms',`{ create getattr }')
 define(`rename_lnk_file_perms',`{ getattr rename }')
 define(`delete_lnk_file_perms',`{ getattr unlink }')
-define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename }')
+define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename ioctl lock }')
 define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
 define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')