commit: 2881f0894c6f2af70e0780d4672371f4d712e983
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Mon Apr 14 21:18:31 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Apr 21 15:19:48 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=2881f089
filesystem: label cgroup symlinks
/sys/fs/cgroup is a tmpfs which contains cgroup mounts and symlinks such as
cpu and cpuacct. Running restorecon makes this warning happen:
restorecon: Warning no default label for /sys/fs/cgroup/cpu
Declare a file context for every symlink in the cgroup tmpfs montpoint to
no longer have such warning.
---
policy/modules/kernel/filesystem.fc | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/kernel/filesystem.fc
b/policy/modules/kernel/filesystem.fc
index d7c11a0..f5cfe84 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -13,6 +13,7 @@
/sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
/sys/fs/cgroup/.* <<none>>
+/sys/fs/cgroup/[^/]+ -l gen_context(system_u:object_r:cgroup_t,s0)
/sys/fs/pstore -d gen_context(system_u:object_r:pstore_t,s0)
/sys/fs/pstore/.* <<none>>
