allow ueventd metadata_file:dir search;
allow ueventd self:capability { kill sys_admin };