Subject: [PATCH] allow system_dbusd_t to setrlimit itself.

avc:  denied  { setrlimit } for  pid=391 comm="dbus-daemon"
    scontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023
    tcontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023 tclass=proces

Upstream-Status: Inappropriate [only for Poky]

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
---
 policy/modules/contrib/dbus.te |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
index 625cb32..529944b 100644
--- a/policy/modules/contrib/dbus.te
+++ b/policy/modules/contrib/dbus.te
@@ -53,7 +53,7 @@ ifdef(`enable_mls',`
 # cjp: dac_override should probably go in a distro_debian
 allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
 dontaudit system_dbusd_t self:capability sys_tty_config;
-allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap };
+allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap setrlimit };
 allow system_dbusd_t self:fifo_file rw_fifo_file_perms;
 allow system_dbusd_t self:dbus { send_msg acquire_svc };
 allow system_dbusd_t self:unix_stream_socket { connectto create_stream_socket_perms connectto };
-- 
1.7.5.4