Skip to content
Snippets Groups Projects
Commit 53297318 authored by Colin Cross's avatar Colin Cross
Browse files

lmkd: allow removing cgroups and setting self to SCHED_FIFO 

Addresses the following selinux denials:
type=1400 audit(1405383429.107:22): avc: denied { remove_name } for pid=137 comm="lmkd" name="uid_10060" dev="cgroup" ino=18368 scontext=u:r:lmkd:s0 tcontext=u:object_r:cgroup:s0 tclass=dir permissive=0
type=1400 audit(1405383794.109:6): avc: denied { sys_nice } for pid=1619 comm="lmkd" capability=23 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability permissive=0

Change-Id: I7b6e5a396bf345c4768defd7b39af2435631a35b
parent 213bb45b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
lmkd.te
+ 6
0
View file @ 53297318
......@@ -18,3 +18,9 @@ allow lmkd sysfs_lowmemorykiller:file w_file_perms;
# Send kill signals
allow lmkd appdomain:process sigkill;
# Clean up old cgroups
allow lmkd cgroup:dir { remove_name rmdir };
# Set self to SCHED_FIFO
allow lmkd self:capability sys_nice;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment