From: domg472@gmail.com (Dominick Grift)
Date: Sat, 3 Jul 2010 22:41:39 +0200
Subject: [refpolicy] [ cgroup patch 1/1] cg rules engine daemon needs to
 setsched of all domains.
Message-ID: <20100703204134.GA3253@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Signed-off-by: Dominick Grift <domg472@gmail.com>

I suspect it is for the cpuset controller. cg clear which is called from the cgred init script and runs initrc_t needs it aswell when the system shuts down. But this is problematic and not important because it does not stop cgred from functioning properly.
---
:100644 100644 bb3a671... dd5793e... M	policy/modules/services/cgroup.te
 policy/modules/services/cgroup.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/cgroup.te b/policy/modules/services/cgroup.te
index bb3a671..dd5793e 100644
--- a/policy/modules/services/cgroup.te
+++ b/policy/modules/services/cgroup.te
@@ -65,6 +65,7 @@ files_pid_filetrans(cgred_t, cgred_var_run_t, sock_file)
 kernel_read_system_state(cgred_t)
 
 domain_read_all_domains_state(cgred_t)
+domain_setpriority_all_domains(cgred_t)
 
 files_getattr_all_files(cgred_t)
 files_getattr_all_sockets(cgred_t)
-- 
1.7.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100703/bc6b7556/attachment.bin