From: domg472@gmail.com (Dominick Grift)
Date: Fri, 3 Sep 2010 16:25:47 +0200
Subject: [refpolicy] [cgroup 1/1] Libcgroup moved the cgroup directory to
	/sys/fs/cgroup.
Message-ID: <20100903142543.GA26439@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 7d0ef43... 59bae6a... M	policy/modules/kernel/filesystem.fc
:100644 100644 e3e17ba... 437a42a... M	policy/modules/kernel/filesystem.if
 policy/modules/kernel/filesystem.fc |    2 ++
 policy/modules/kernel/filesystem.if |    8 ++++++++
 2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index 7d0ef43..59bae6a 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -2,3 +2,5 @@
 /dev/shm/.*		<<none>>
 
 /cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
+
+/sys/fs/cgroup(/.*)?	<<none>>
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index e3e17ba..437a42a 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -646,6 +646,7 @@ interface(`fs_search_cgroup_dirs',`
 	')
 
 	search_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -664,6 +665,7 @@ interface(`fs_list_cgroup_dirs', `
 	')
 
 	list_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -682,6 +684,7 @@ interface(`fs_delete_cgroup_dirs', `
 	')
 
 	delete_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -701,6 +704,7 @@ interface(`fs_manage_cgroup_dirs',`
 	')
 
 	manage_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -720,6 +724,7 @@ interface(`fs_read_cgroup_files',`
 	')
 
 	read_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -738,6 +743,7 @@ interface(`fs_write_cgroup_files', `
 	')
 
 	write_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -757,6 +763,7 @@ interface(`fs_rw_cgroup_files',`
 	')
 
 	rw_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
@@ -796,6 +803,7 @@ interface(`fs_manage_cgroup_files',`
 	')
 
 	manage_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
 ')
 
 ########################################
-- 
1.7.2.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100903/7ac2f46f/attachment-0001.bin