From mboxrd@z Thu Jan 1 00:00:00 1970 From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 01 Jul 2010 09:23:09 -0400 Subject: [refpolicy] [ cgroup patch 1/1] fix cgroup_admin In-Reply-To: <20100629122417.GA23692@localhost.localdomain> References: <20100629122417.GA23692@localhost.localdomain> Message-ID: <4C2C96BD.7090307@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 06/29/10 08:24, Dominick Grift wrote: > When cgroup policy was merged, some changes were made. One of these changes was the renaming of the type for cgroup rules engine daemon configuration file. The cgroup_admin interface was not modified to reflect this change. Merged. > Signed-off-by: Dominick Grift > --- > :100644 100644 a903d93... 2d1eaf3... M policy/modules/services/cgroup.if > policy/modules/services/cgroup.if | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/policy/modules/services/cgroup.if b/policy/modules/services/cgroup.if > index a903d93..2d1eaf3 100644 > --- a/policy/modules/services/cgroup.if > +++ b/policy/modules/services/cgroup.if > @@ -121,7 +121,7 @@ interface(`cgroup_admin',` > gen_require(` > type cgred_t, cgconfig_t, cgred_var_run_t; > type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t; > - type cgred_etc_t; > + type cgrules_etc_t; > ') > > allow $1 cgconfig_t:process { ptrace signal_perms getattr }; > @@ -131,7 +131,7 @@ interface(`cgroup_admin',` > read_files_pattern($1, cgred_t, cgred_t) > > admin_pattern($1, cgconfig_etc_t) > - admin_pattern($1, cgred_etc_t) > + admin_pattern($1, cgrules_etc_t) > files_search_etc($1) > > admin_pattern($1, cgred_var_run_t) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com