Add allow rasdaemon cap_sys_admin

add-allow-rasdaemon-cap_sys_admin.patch

@@ -0,0 +1,25 @@
+From 595e1f9fd4e9b5106487da882cf11d2ffdf79255 Mon Sep 17 00:00:00 2001
+From: lujie42 <572084868@qq.com>
+Date: Fri, 3 Sep 2021 20:22:18 +0800
+Subject: [PATCH] add allow rasdaemon cap_sys_admin
+
+Signed-off-by: lujie42 <572084868@qq.com>
+---
+ policy/modules/contrib/rasdaemon.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/contrib/rasdaemon.te b/policy/modules/contrib/rasdaemon.te
+index f6891a1..e102e63 100644
+--- a/policy/modules/contrib/rasdaemon.te
++++ b/policy/modules/contrib/rasdaemon.te
+@@ -19,6 +19,7 @@ systemd_unit_file(rasdaemon_unit_file_t)
+ #
+ # rasdaemon local policy
+ #
++allow rasdaemon_t self:capability sys_admin;
+ allow rasdaemon_t self:fifo_file rw_fifo_file_perms;
+ allow rasdaemon_t self:unix_stream_socket create_stream_socket_perms;
+ 
+-- 
+1.8.3.1
+

selinux-policy.spec

@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 3.14.2
-Release: 74
+Release: 75
 License: GPLv2+
 URL:     https://github.com/fedora-selinux/selinux-policy/
 
@@ -116,6 +116,7 @@ Patch6039: backport-Allow-systemd-hostnamed-read-udev-runtime-data.patch
 
 Patch9000: add-qemu_exec_t-for-stratovirt.patch
 Patch9001: add-avc-for-systemd-selinux-page.patch
+Patch9002: add-allow-rasdaemon-cap_sys_admin.patch 
 
 BuildArch: noarch
 BuildRequires:  python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -782,6 +783,9 @@ exit 0
 %endif
 
 %changelog
+* Fri Sep 3 2021 lujie42 <572084868@qq.com> -3.14.2-75
+- Add allow rasdaemon cap_sys_admin
+
 * Tue Aug 31 2021 lujie42 <572084868@qq.com> -3.14.2-74
 - Allow systemd hostnamed read udev runtime data