selinux svc when restarting RA

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@611 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

2 files changed, 3 insertions, 3 deletions

diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
index 6c34cb57f..eec301113 100644
--- a/pki/base/selinux/src/pki.if
+++ b/pki/base/selinux/src/pki.if
@@ -492,7 +492,7 @@ template(`pki_tps_template',`
         allow pki_tps_t lib_t:file execute_no_trans;
 
         #fowner needed for chmod
-        allow pki_tps_t self:capability { setuid sys_nice setgid dac_override fowner};
+        allow pki_tps_t self:capability { setuid sys_nice setgid dac_override fowner fsetid};
         allow pki_tps_t self:process { setsched signal getsched  signull execstack execmem};
         allow pki_tps_t self:sem all_sem_perms;
         allow pki_tps_t self:tcp_socket create_stream_socket_perms;
@@ -661,7 +661,7 @@ template(`pki_ra_template',`
 
         allow pki_ra_t lib_t:file execute_no_trans;
 
-        allow pki_ra_t self:capability { setuid sys_nice setgid dac_override fowner};
+        allow pki_ra_t self:capability { setuid sys_nice setgid dac_override fowner fsetid};
         allow pki_ra_t self:process { setsched getsched signal signull execstack execmem};
         allow pki_ra_t self:sem all_sem_perms;
         allow pki_ra_t self:tcp_socket create_stream_socket_perms;
diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
index 0f00c99ea..4af04a22b 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
-policy_module(pki,1.0.9)
+policy_module(pki,1.0.10)
 
 attribute pki_ca_config;
 attribute pki_ca_executable;