authorChris PeBenito <Christopher.PeBenito@microsoft.com>2022-08-29 19:20:35 +0000
committerKenton Groombridge <concord@gentoo.org>2024-03-01 12:05:05 -0500
commit5b9d796a88321b87e86dcd090b586ce774987be7 (patch)
tree82a38391a24bed40b8766bac1218c9afb8ffbb85
parentsystemd: Minor coredump fixes. (diff)
rpm: Minor fixes
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com> Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r--policy/modules/admin/rpm.te4
1 files changed, 3 insertions, 1 deletions
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index 24cc51452..1eb82cda7 100644
--- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te
@@ -72,7 +72,7 @@ files_tmpfs_file(rpm_script_tmpfs_t)
# rpm Local policy
#
-allow rpm_t self:capability { chown dac_override fowner fsetid ipc_lock mknod setfcap setgid setuid sys_chroot sys_nice sys_tty_config };
+allow rpm_t self:capability { chown dac_read_search dac_override fowner fsetid ipc_lock mknod setfcap setgid setuid sys_chroot sys_nice sys_tty_config };
allow rpm_t self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
allow rpm_t self:fd use;
allow rpm_t self:fifo_file rw_fifo_file_perms;
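Review bot: The added `dac_read_search` is placed before `dac_override`, which breaks the alphabetical order the rest of this capability set follows, and neither the rule nor the commit message says why it is needed. Because `dac_override` is already allowed on this line, the new capability should not widen what rpm_t can read or search. It most likely only silences denials caused by the kernel checking CAP_DAC_READ_SEARCH before CAP_DAC_OVERRIDE, but that is inferred rather than stated. I would reorder the set to `{ chown dac_override dac_read_search fowner ... }` and add a comment such as `# dac_read_search is checked before dac_override; granted to avoid denials, no access beyond dac_override`.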
@@ -257,6 +257,8 @@ allow rpm_script_t self:netlink_kobject_uevent_socket create_socket_perms;
allow rpm_script_t rpm_t:netlink_route_socket { read write };
+allow rpm_script_t rpm_var_lib_t:file map;
+
allow rpm_script_t rpm_tmp_t:file read_file_perms;
allow rpm_script_t rpm_script_tmp_t:dir mounton;
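Review bot: The new `allow rpm_script_t rpm_var_lib_t:file map;` has no comment saying which scriptlet operation needs to mmap files of the rpm database type, and it applies to every file labelled rpm_var_lib_t. `map` is only usable together with read or write permission on the same files, and those rules are outside this hunk. It is worth confirming that rpm_script_t has read-only access there, since write access combined with `map` would let scriptlet context create writable shared mappings of the package database. I would add a comment above the rule such as `# rpm database files are mmap()ed when scriptlets query the database`, with the wording adjusted to the actual trigger. If an existing rule already grants read on this type, `map` could be folded into it instead of standing alone.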