From 991e1cd627e9dba1bb5a89ca87c90b2542453018 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Thu, 27 Oct 2022 14:23:35 +0200
Subject: [PATCH] Allow pcscd bpf capability to run bpf programs

Resolves: rhbz#2134827
---
 policy/modules/contrib/pcscd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/contrib/pcscd.te b/policy/modules/contrib/pcscd.te
index d0d83da261..5b22ac8268 100644
--- a/policy/modules/contrib/pcscd.te
+++ b/policy/modules/contrib/pcscd.te
@@ -23,7 +23,7 @@ init_daemon_run_dir(pcscd_var_run_t, "pcscd")
 
 allow pcscd_t self:capability {  dac_read_search fsetid };
 dontaudit pcscd_t self:capability { sys_admin };
-allow pcscd_t self:capability2 { wake_alarm };
+allow pcscd_t self:capability2 { bpf wake_alarm };
 allow pcscd_t self:cap_userns sys_ptrace;
 allow pcscd_t self:process { signal signull };
 dontaudit pcscd_t self:process setsched;