When cgroup policy was merged, some changes were made. One of these changes was the renaming of the type for cgroup rules engine daemon configuration file. The cgroup_admin interface was not modified to reflect this change.
Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 a903d93... 2d1eaf3... M policy/modules/services/cgroup.if
policy/modules/services/cgroup.if | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/services/cgroup.if b/policy/modules/services/cgroup.if
index a903d93..2d1eaf3 100644
--- a/policy/modules/services/cgroup.if
+++ b/policy/modules/services/cgroup.if
@@ -121,7 +121,7 @@ interface(`cgroup_admin',`
gen_require(`
type cgred_t, cgconfig_t, cgred_var_run_t;
type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t;
- type cgred_etc_t;
+ type cgrules_etc_t;
')
allow $1 cgconfig_t:process { ptrace signal_perms getattr };
@@ -131,7 +131,7 @@ interface(`cgroup_admin',`
read_files_pattern($1, cgred_t, cgred_t)
admin_pattern($1, cgconfig_etc_t)
- admin_pattern($1, cgred_etc_t)
+ admin_pattern($1, cgrules_etc_t)
files_search_etc($1)
admin_pattern($1, cgred_var_run_t)
--
1.7.0.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100629/8bd16d66/attachment.bin
On 06/29/10 08:24, Dominick Grift wrote:
> When cgroup policy was merged, some changes were made. One of these changes was the renaming of the type for cgroup rules engine daemon configuration file. The cgroup_admin interface was not modified to reflect this change.
Merged.
> Signed-off-by: Dominick Grift<[email protected]>
> ---
> :100644 100644 a903d93... 2d1eaf3... M policy/modules/services/cgroup.if
> policy/modules/services/cgroup.if | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policy/modules/services/cgroup.if b/policy/modules/services/cgroup.if
> index a903d93..2d1eaf3 100644
> --- a/policy/modules/services/cgroup.if
> +++ b/policy/modules/services/cgroup.if
> @@ -121,7 +121,7 @@ interface(`cgroup_admin',`
> gen_require(`
> type cgred_t, cgconfig_t, cgred_var_run_t;
> type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t;
> - type cgred_etc_t;
> + type cgrules_etc_t;
> ')
>
> allow $1 cgconfig_t:process { ptrace signal_perms getattr };
> @@ -131,7 +131,7 @@ interface(`cgroup_admin',`
> read_files_pattern($1, cgred_t, cgred_t)
>
> admin_pattern($1, cgconfig_etc_t)
> - admin_pattern($1, cgred_etc_t)
> + admin_pattern($1, cgrules_etc_t)
> files_search_etc($1)
>
> admin_pattern($1, cgred_var_run_t)
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com