From 6e5482a0c0a55bca012c897e94c58aca79acf5e7 Mon Sep 17 00:00:00 2001
From: Jan Pokorný <jpokorny@redhat.com>
Date: Wed, 23 Oct 2013 23:38:11 +0200
Subject: Start tracking capabilities as a security property
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
---
 lib_cman.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib_cman.py b/lib_cman.py
index 8507c84..633a013 100644
--- a/lib_cman.py
+++ b/lib_cman.py
@@ -146,6 +146,7 @@ class CmanRicci(Daemon):
         euser='ricci',
         egroup='root',
         label='unconfined_u:system_r:ricci_t:s0',
+        capabilities='CAP_SYS_BOOT (+ temporarily CAP_SETUID)'
     )
     miscprops = dict(
         common_thread_cnt=1,
-- 
cgit