The libcgroup init scripts use tools in /usr/bin like cgexec and cgclear.
Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 5369637... 62c1c0d... M policy/modules/system/init.te
policy/modules/system/init.te | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 5369637..62c1c0d 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -343,6 +343,9 @@ files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
+fs_delete_cgroup_dirs(initrc_t)
+fs_list_cgroup_dirs(initrc_t)
+fs_rw_cgroup_files(initrc_t)
fs_list_inotifyfs(initrc_t)
fs_register_binary_executable_type(initrc_t)
# rhgb-console writes to ramfs
@@ -572,6 +575,10 @@ optional_policy(`
')
optional_policy(`
+ cgroup_stream_connect(initrc_t)
+')
+
+optional_policy(`
clamav_read_config(initrc_t)
')
--
1.7.0.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100607/9f716244/attachment.bin