# Declare a device-node type and tag it with the dev_type attribute.
# Presumably this labels the vendor persist partition; confirm against the
# file_contexts entry. This statement grants no access by itself.
type vendor_persist_block_device, dev_type;

# Permit the fsck domain to use CAP_KILL and CAP_SYS_ADMIN (target is self).
# The rule only satisfies the SELinux check; the process must still hold
# the capability in its Linux capability set for the operation to succeed.
# NOTE(review): sys_admin is a very broad capability. Confirm which fsck
# operation needs it. If the denial turns out to be harmless, a dontaudit
# rule would keep the domain tighter than an allow.
allow fsck self:capability { kill sys_admin };