From mboxrd@z Thu Jan  1 00:00:00 1970
From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 12 Feb 2013 21:34:59 +0100
Subject: [refpolicy] RFC: kernel_t exec rights on cgroup_t files
In-Reply-To: <20130212213109.5a3b0e72@gentp.lnet>
References: <20130212213109.5a3b0e72@gentp.lnet>
Message-ID: <1360701299.2559.43.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2013-02-12 at 21:31 +0100, aranea at aixah.de wrote:
> Hi, I made a mistake while debugging.
> 
> 
> allow kernel_t cgroup_t:file exec_file_perms;
> allow kernel_t cgroup_t:dir list_dir_perms;
> 
> (which I originally tried) doesn't solve the problem, and neither does
> the proposed
> 

So what does solve the problem and what AVC denials are you seeing? (can
you enclose the AVC denials?)

> dontaudit kernel_t cgroup_t:file execute;
> allow kernel_t cgroup_t:file audit_access;
> 
> 
> Regards,
> Luis Ressel
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy