From: pebenito@ieee.org (Chris PeBenito) Date: Mon, 9 Jan 2017 20:36:43 -0500 Subject: [refpolicy] [PATCH] Use genfscon to label /sys/devices/system/cpu/online as cpu_online_t In-Reply-To: <20170106131824.3278-1-bigon@debian.org> References: <20170106131824.3278-1-bigon@debian.org> Message-ID: <6491f155-5cd2-7010-489f-a385d73fe2bf@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 01/06/17 08:18, Laurent Bigonville via refpolicy wrote: > From: Laurent Bigonville > > Since 8e01472078763ebc1eaea089a1adab75dd982ccd, it's possible to use > genfscon for sysfs. > > This patch should help to deprecate distribution specific call to > restorecon or tmpfiles to restore /sys/devices/system/cpu/online during > boot. > > Thanks to Dominick for the tip. > --- > policy/modules/kernel/devices.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te > index 9b1f207f..67515ad8 100644 > --- a/policy/modules/kernel/devices.te > +++ b/policy/modules/kernel/devices.te > @@ -66,6 +66,7 @@ dev_node(cpu_device_t) > type cpu_online_t, sysfs_types; > files_type(cpu_online_t) > dev_associate_sysfs(cpu_online_t) > +genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0) Merged. -- Chris PeBenito