From dc89cc3c50ff1f821e6940f9d1aecc3b1f054f6d Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <concord@gentoo.org>
Date: Wed, 7 Aug 2024 16:55:28 -0400
Subject: dbus: dontaudit session bus domains the netadmin capability

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
---
 policy/modules/services/dbus.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index 572b84c00..58ac501d3 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -300,7 +300,7 @@ optional_policy(`
 # Common session bus local policy
 #
 
-dontaudit session_bus_type self:capability sys_resource;
+dontaudit session_bus_type self:capability { net_admin sys_resource };
 allow session_bus_type self:process { getattr sigkill signal };
 dontaudit session_bus_type self:process { ptrace setrlimit };
 allow session_bus_type self:file rw_inherited_file_perms;
-- 
cgit v1.2.3-65-gdbad