From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Mon, 14 Apr 2014 23:18:31 +0200
Subject: [refpolicy] [PATCH] filesystem: label cgroup symlinks
Message-ID: <1397510311-6159-1-git-send-email-nicolas.iooss@m4x.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

/sys/fs/cgroup is a tmpfs which contains cgroup mounts and symlinks such as
cpu and cpuacct.  Running restorecon makes this warning happen:

    restorecon:  Warning no default label for /sys/fs/cgroup/cpu

Declare a file context for every symlink in the cgroup tmpfs montpoint to
no longer have such warning.
---
 policy/modules/kernel/filesystem.fc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index d7c11a0..f5cfe84 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -13,6 +13,7 @@
 
 /sys/fs/cgroup	-d	gen_context(system_u:object_r:cgroup_t,s0)
 /sys/fs/cgroup/.*	<<none>>
+/sys/fs/cgroup/[^/]+	-l	gen_context(system_u:object_r:cgroup_t,s0)
 
 /sys/fs/pstore	-d	gen_context(system_u:object_r:pstore_t,s0)
 /sys/fs/pstore/.*	<<none>>
-- 
1.9.1