[refpolicy] [ patch 1/1] Cgroup: needs to mount to /sys/fs/cgroup.
Dominick Grift
domg472 at gmail.com
Fri Oct 8 16:28:01 CDT 2010
I am not sure why libcgroup is moving locations for cgroupfs. Seems they now use /cgroup again, where they were using /sys/fs/cgroup a version before.
But since we added initial support for /sys/fs/cgroup, we might as well make that work I guess.
Signed-off-by: Dominick Grift <domg472 at gmail.com>
---
:100644 100644 99482ca... ab8b7aa... M policy/modules/kernel/devices.if
:100644 100644 59bae6a... f0cce08... M policy/modules/kernel/filesystem.fc
:100644 100644 0dff98e... d5b1551... M policy/modules/kernel/filesystem.te
policy/modules/kernel/devices.if | 18 ++++++++++++++++++
policy/modules/kernel/filesystem.fc | 4 +++-
policy/modules/kernel/filesystem.te | 1 +
3 files changed, 22 insertions(+), 1 deletions(-)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 99482ca..ab8b7aa 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -3613,6 +3613,24 @@ interface(`dev_manage_smartcard',`
########################################
## <summary>
+## Associate to sysfs filesystems.
+## </summary>
+## <param name="file_type">
+## <summary>
+## Type to be associated.
+## </summary>
+## </param>
+#
+interface(`dev_associate_sysfs',`
+ gen_require(`
+ type sysfs_t;
+ ')
+
+ allow $1 sysfs_t:filesystem associate;
+')
+
+########################################
+## <summary>
## Get the attributes of sysfs directories.
## </summary>
## <param name="domain">
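Review bot: The summary of the new dev_associate_sysfs interface, "Associate to sysfs filesystems.", does not say what is being associated, and it uses the plural although the rule names the single type sysfs_t. Something like "Associate a file type to the sysfs filesystem." would match the rule `allow $1 sysfs_t:filesystem associate;` and the "Type to be associated." parameter text.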
diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index 59bae6a..f0cce08 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -2,5 +2,7 @@
/dev/shm/.* <<none>>
/cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
+/cgroup/.* <<none>>
-/sys/fs/cgroup(/.*)? <<none>>
+/sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
+/sys/fs/cgroup/.* <<none>>
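Review bot: The added `/cgroup/.* <<none>>` entry is not covered by the subject or the description, which only talk about /sys/fs/cgroup; either say in the commit message why it is needed or send it as a separate patch. The replacement of `/sys/fs/cgroup(/.*)? <<none>>` with a `-d` entry labeled cgroup_t plus `/sys/fs/cgroup/.* <<none>>` is also a behaviour change for the directory itself (it goes from having no file context to cgroup_t), which deserves a sentence in the message.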
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 0dff98e..d5b1551 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -71,6 +71,7 @@ type cgroup_t;
fs_type(cgroup_t)
files_type(cgroup_t)
files_mountpoint(cgroup_t)
+dev_associate_sysfs(cgroup_t)
genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)
type configfs_t;
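Review bot: The new `dev_associate_sysfs(cgroup_t)` line carries no comment saying why cgroup_t needs associate on sysfs_t, and the commit message does not explain it either. A one-line comment above the call tying it to the /sys/fs/cgroup directory entry that this patch labels cgroup_t in filesystem.fc would make the dependency between the two files visible to later readers.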
--
1.7.2.3