From: bigon@debian.org (Laurent Bigonville) Date: Fri, 6 Jan 2017 14:18:24 +0100 Subject: [refpolicy] [PATCH] Use genfscon to label /sys/devices/system/cpu/online as cpu_online_t Message-ID: <20170106131824.3278-1-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville Since 8e01472078763ebc1eaea089a1adab75dd982ccd, it's possible to use genfscon for sysfs. This patch should help to deprecate distribution specific call to restorecon or tmpfiles to restore /sys/devices/system/cpu/online during boot. Thanks to Dominick for the tip. --- policy/modules/kernel/devices.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te index 9b1f207f..67515ad8 100644 --- a/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te @@ -66,6 +66,7 @@ dev_node(cpu_device_t) type cpu_online_t, sysfs_types; files_type(cpu_online_t) dev_associate_sysfs(cpu_online_t) +genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0) # # Type for /dev/crash -- 2.11.0
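Review bot: the added genfscon line in the cpu_online_t block of devices.te has no comment recording its dependency on 8e01472078763ebc1eaea089a1adab75dd982ccd, which the commit message names as the change that makes genfscon usable for sysfs. A one-line comment above the rule should state that dependency and say that the rule is meant to replace the boot-time restorecon or tmpfiles relabel of /sys/devices/system/cpu/online. A later reader then knows why the label is assigned here and where to look if the file does not come up as cpu_online_t. Since the message says only that the patch "should help", it would also be worth confirming on a booted system, with the distribution relabel step disabled, that the file carries system_u:object_r:cpu_online_t before any domain that depends on that type reads it.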