# allow fsck block_device:blk_file { read write };
allow fsck fsck:capability { dac_override dac_read_search };