From: domg472@gmail.com (Dominick Grift) Date: Mon, 5 Jul 2010 14:03:40 +0200 Subject: [refpolicy] [ cgroup patch redone 1/1] Allow cgred to setsched all allow initrc (/usr/bin/cgclear) setsched all allow cgred sys_admin capability Message-ID: <20100705120337.GA3421@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Allow cgred to setsched all Allow initrc (/usr/bin/cgclear) setsched all Allow cgred sys_admin capability Signed-off-by: Dominick Grift --- :100644 100644 bb3a671... 6ae88ca... M policy/modules/services/cgroup.te :100644 100644 d9d2789... 5926603... M policy/modules/system/init.te policy/modules/services/cgroup.te | 3 ++- policy/modules/system/init.te | 1 + 2 files changed, 3 insertions(+), 1 deletions(-) diff --git a/policy/modules/services/cgroup.te b/policy/modules/services/cgroup.te index bb3a671..6ae88ca 100644 --- a/policy/modules/services/cgroup.te +++ b/policy/modules/services/cgroup.te @@ -53,7 +53,7 @@ fs_unmount_cgroup(cgconfig_t) # cgred personal policy. # -allow cgred_t self:capability { net_admin sys_ptrace dac_override }; +allow cgred_t self:capability { net_admin sys_admin sys_ptrace dac_override }; allow cgred_t self:netlink_socket { write bind create read }; allow cgred_t self:unix_dgram_socket { write create connect }; @@ -65,6 +65,7 @@ files_pid_filetrans(cgred_t, cgred_var_run_t, sock_file) kernel_read_system_state(cgred_t) domain_read_all_domains_state(cgred_t) +domain_setpriority_all_domains(cgred_t) files_getattr_all_files(cgred_t) files_getattr_all_sockets(cgred_t) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index d9d2789..5926603 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te 
@@ -575,6 +575,7 @@ optional_policy(` optional_policy(` cgroup_stream_connect(initrc_t) + domain_setpriority_all_domains(initrc_t) ') optional_policy(` -- 1.7.1
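Review bot: In the first cgroup.te hunk (@@ -53,7 +53,7 @@), sys_admin is added to the cgred_t capability set with no stated reason. sys_admin is the broadest Linux capability, and the commit message only says "Allow cgred sys_admin capability" without naming the denial or the cgred operation that requires it. Please put the triggering AVC denial in the commit message, or a short comment above the allow rule, so the grant can be re-evaluated later.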
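Review bot: In the second cgroup.te hunk (@@ -65,6 +65,7 @@), the commit message says "setsched all" while the added call is domain_setpriority_all_domains(cgred_t), so the permission named in the message cannot be matched to the rule from the patch alone. Say in the commit message which process permission this interface grants, and why cgred needs it on every domain rather than on a narrower set.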
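Review bot: In the init.te hunk (@@ -575,6 +575,7 @@), domain_setpriority_all_domains(initrc_t) is granted to initrc_t as a whole, although the commit message gives /usr/bin/cgclear as the only caller that needs it. Every init script running in initrc_t gains the permission whenever the cgroup optional block is active. Add a comment on that line naming cgclear as the reason, and consider whether cgclear should transition to its own domain so the grant does not have to sit on initrc_t.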