From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 08 Jun 2010 09:32:18 -0400
Subject: [refpolicy] [patch v2 0/1] Revisiting cgroups.
In-Reply-To: <20100607181000.GA1233@localhost.localdomain>
References: <20100607181000.GA1233@localhost.localdomain>
Message-ID: <1276003938.809.129.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2010-06-07 at 20:10 +0200, Dominick Grift wrote:
> Here's another shot at cgroups.
>
> Revisiting existing cgroup policy:
> - Move cgroup_t declarations from kernel.te to filesystem.te
> - Redo cgroup interfaces in filesystem.if
> - Add file context specification for /cgroup mountpoint to filesystem.fc
>
> Implementing libcgroup policy:
> - Libcg automates cgroup management.
>
> How libcg init scripts interact with cgroup:
> - The libcgroup init scripts use tools in /usr/bin like cgexec and cgclear.
>
> How users interact with cgroup:
> - All login users can list cgroup.
> - Common users can read and write cgroup files (access governed by dac).

This set is merged. I did some rearrangement and renamed cgconfigparser types to just cgconfig.

>  policy/modules/kernel/filesystem.fc |   2 +
>  policy/modules/kernel/filesystem.if | 150 +++++++++++++++++++++++++----------
>  policy/modules/kernel/filesystem.te |   6 ++
>  policy/modules/kernel/kernel.te     |   9 --
>  policy/modules/services/cgroup.fc   |  10 +++
>  policy/modules/services/cgroup.if   | 149 ++++++++++++++++++++++++++++++++++
>  policy/modules/services/cgroup.te   |  86 ++++++++++++++++++++
>  policy/modules/system/init.te       |   7 ++
>  policy/modules/system/userdomain.if |   4 +
>  9 files changed, 372 insertions(+), 51 deletions(-)
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com