From: aranea@aixah.de (Luis Ressel)
Date: Thu, 30 Nov 2017 23:38:27 +0100
Subject: [refpolicy] [PATCH] Allow systemd to relabel cgroupfs legacy
 symlinks
In-Reply-To: <20171130204747.22207-1-krzysztof.a.nowicki@gmail.com>
References: <20171130204747.22207-1-krzysztof.a.nowicki@gmail.com>
Message-ID: <20171130233827.75c62be1@vega.skynet.aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 30 Nov 2017 21:47:47 +0100
Krzysztof Nowicki via refpolicy <refpolicy@oss.tresys.com> wrote:

> diff --git a/policy/modules/system/init.te
> b/policy/modules/system/init.te index 8a91df259..fe813a43f 100644
> --- a/policy/modules/system/init.te
> +++ b/policy/modules/system/init.te
> @@ -180,6 +180,7 @@ files_dontaudit_rw_root_chr_files(init_t)
>  
>  fs_getattr_xattr_fs(init_t)
>  fs_list_inotifyfs(init_t)
> +fs_relabel_cgroup_lnk_files(init_t)
>  # cjp: this may be related to /dev/log
>  fs_write_ramfs_sockets(init_t)
>  

Could you please move this into the ifdef(init_systemd) block?

Cheers,
Luis Ressel