From: domg472@gmail.com (Dominick Grift)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [ patch 1/1] Cgroup: needs to mount to /sys/fs/cgroup.
Date: Fri, 8 Oct 2010 23:28:01 +0200
Message-ID: <20101008210254.GA28941@localhost.localdomain>

I am not sure why libcgroup is moving locations for cgroupfs. Seems they now use /cgroup again, where they were using /sys/fs/cgroup a version before.

But since we added initial support for /sys/fs/cgroup, we might as well make that work, I guess.

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 99482ca... ab8b7aa... M	policy/modules/kernel/devices.if
:100644 100644 59bae6a... f0cce08... M	policy/modules/kernel/filesystem.fc
:100644 100644 0dff98e... d5b1551... M	policy/modules/kernel/filesystem.te
 policy/modules/kernel/devices.if    |   18 ++++++++++++++++++
 policy/modules/kernel/filesystem.fc |    4 +++-
 policy/modules/kernel/filesystem.te |    1 +
 3 files changed, 22 insertions(+), 1 deletions(-)

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 99482ca..ab8b7aa 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -3613,6 +3613,24 @@ interface(`dev_manage_smartcard',`
 
 ########################################
 ## <summary>
+##	Associate to sysfs filesystems.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Type to be associated.
+##	</summary>
+## </param>
+#
+interface(`dev_associate_sysfs',`
+	gen_require(`
+		type sysfs_t;
+	')
+
+	allow $1 sysfs_t:filesystem associate;
+')
+
+########################################
+## <summary>
 ##	Get the attributes of sysfs directories.
 ## </summary>
 ## <param name="domain">
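Review bot: the summary on the new dev_associate_sysfs interface, "Associate to sysfs filesystems.", does not say what is being associated or when a caller needs it. The rule is `allow $1 sysfs_t:filesystem associate;`, so the summary could read "Associate a file type with the sysfs filesystem", and the file_type param description could state that objects of this type will reside on a filesystem labeled sysfs_t.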
diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index 59bae6a..f0cce08 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -2,5 +2,7 @@
 /dev/shm/.*		<<none>>
 
 /cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
+/cgroup/.*	<<none>>
 
-/sys/fs/cgroup(/.*)?	<<none>>
+/sys/fs/cgroup	-d	gen_context(system_u:object_r:cgroup_t,s0)
+/sys/fs/cgroup/.*	<<none>>
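Review bot: the added `/cgroup/.*	<<none>>` line changes how the contents of /cgroup are handled, which the subject line (about /sys/fs/cgroup only) does not mention; note it in the commit message or split it into its own patch. Splitting `/sys/fs/cgroup(/.*)?` into a `-d` entry plus a `/.*` entry also means the directory itself is now labeled cgroup_t while everything beneath it stays `<<none>>`; a short comment in the file saying this entry is the mount point label would make that intent clear.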
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 0dff98e..d5b1551 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -71,6 +71,7 @@ type cgroup_t;
 fs_type(cgroup_t)
 files_type(cgroup_t)
 files_mountpoint(cgroup_t)
+dev_associate_sysfs(cgroup_t)
 genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)
 
 type configfs_t;
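Review bot: `dev_associate_sysfs(cgroup_t)` is added among the cgroup_t declarations with no comment saying why a cgroup type needs to associate with sysfs. The reason is only visible from the filesystem.fc change in this patch, where the /sys/fs/cgroup directory is labeled cgroup_t, so a one-line comment above the call stating that would help.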
-- 
1.7.2.3
