From: domg472@gmail.com (Dominick Grift)
Date: Fri, 29 Apr 2011 16:31:32 +0200
Subject: [refpolicy] Refpolicy status
In-Reply-To: <4DBAC2F2.5000106@tresys.com>
References: <4DB86210.40609@tresys.com> <4DB86A84.9070308@gmail.com>
	<4DBABF5E.9060107@tresys.com> <4DBAC06E.4010106@gmail.com>
	<4DBAC2F2.5000106@tresys.com>
Message-ID: <4DBACBC4.2030208@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/29/2011 03:53 PM, Christopher J. PeBenito wrote:
> On 04/29/11 09:43, Dominick Grift wrote:
>> On 04/29/2011 03:38 PM, Christopher J. PeBenito wrote:
>>
>>> Ok, I already got the filesystem.fc merged in, but its rearranged, so it
>>> looks like a diff between the two trees.  I'll look at the cgroup and
>>> cobbler modules.
>>
>>
>> If you decide to merge cgroup changes then keep in mind that cgroup_t
>> needs to associate with sysfs_t devices. (filesystem.te:
>> dev_associate_sysfs(cgroup_t))
>>
>> This cgroup/sysfs change is mainly for systemd. libcgroup still
>> installs/uses the /cgroup by default.
> 
> So this means that the /sys fc lines are for systemd systems too, right?
> 

right. systemd mounts cgroup on:

/sys/fs/cgroup	-d	gen_context(system_u:object_r:cgroup_t,s0)
/sys/fs/cgroup(/.*)?	<<none>>

but libcgroup mounts cgroup by default on:

/cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
/cgroup/.*		<<none>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk26y8QACgkQMlxVo39jgT8E+ACfWkJoysYDqHOY8v6T4jS9KKwT
NmEAoKmgoHcM2ckF/dH3l3zjp9SEphdm
=sDFu
-----END PGP SIGNATURE-----