Skip to content
Snippets Groups Projects
Commit 5dcaa67b authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

cgroup: allow associate to tmpfs 

Allows groups to be mounted at /dev/memcg

Addresses:
avc: denied { associate } for comm="init" name="memcg"
scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0
tclass=filesystem permissive=0

Bug: 64067152
Test: build
Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc
parent a4cada74
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
public/file.te
+ 1
0
View file @ 5dcaa67b
...@@ -278,6 +278,7 @@ type property_contexts, file_type; ...@@ -278,6 +278,7 @@ type property_contexts, file_type;
# Allow files to be created in their appropriate filesystems. # Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate; allow fs_type self:filesystem associate;
allow cgroup tmpfs:filesystem associate;
allow sysfs_type sysfs:filesystem associate; allow sysfs_type sysfs:filesystem associate;
allow debugfs_type { debugfs debugfs_tracing }:filesystem associate; allow debugfs_type { debugfs debugfs_tracing }:filesystem associate;
allow file_type labeledfs:filesystem associate; allow file_type labeledfs:filesystem associate;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment