From 5e9d7e2c8fc05138b3b8707bee0b969e6159f0a5 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Mon, 8 Aug 2016 17:32:30 -0400
Subject: [PATCH] Add sys/renew to default policy

---
 vault/policy_store.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/vault/policy_store.go b/vault/policy_store.go
index 0b42b429dc..18b9004ced 100644
--- a/vault/policy_store.go
+++ b/vault/policy_store.go
@@ -300,6 +300,10 @@ path "cubbyhole" {
 path "sys/capabilities-self" {
     capabilities = ["update"]
 }
+
+path "sys/renew/*" {
+    capabilities = ["update"]
+}
 `)
 	if err != nil {
 		return errwrap.Wrapf("error parsing default policy: {{err}}", err)