From dd7761e72c40b6d826a760ea9167ca17dec8c546 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 8 Apr 2022 14:10:08 +0200
Subject: [PATCH] Allow pcscd the sys_ptrace userns capability

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/dd7761e72c40b6d826a760ea9167ca17dec8c546
Conflict: NA

Resolves: rhbz#2073169
Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/pcscd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/contrib/pcscd.te b/policy/modules/contrib/pcscd.te
index 1fdd845..d0d83da 100644
--- a/policy/modules/contrib/pcscd.te
+++ b/policy/modules/contrib/pcscd.te
@@ -24,6 +24,7 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd")
 allow pcscd_t self:capability {  dac_read_search fsetid };
 dontaudit pcscd_t self:capability { sys_admin };
 allow pcscd_t self:capability2 { wake_alarm };
+allow pcscd_t self:cap_userns sys_ptrace;
 allow pcscd_t self:process { signal signull };
 dontaudit pcscd_t self:process setsched;
 allow pcscd_t self:fifo_file rw_fifo_file_perms;
-- 
1.8.3.1