From 5dcaa67b6fcb25004b0126f6fda49762811da507 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 26 Jul 2017 10:19:33 -0700
Subject: [PATCH] cgroup: allow associate to tmpfs

Allows cgroups to be mounted at /dev/memcg

Addresses:
avc: denied { associate } for comm="init" name="memcg"
scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0
tclass=filesystem permissive=0

Bug: 64067152
Test: build
Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc
---
 public/file.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/file.te b/public/file.te
index 437c361e6..01b6cf206 100644
--- a/public/file.te
+++ b/public/file.te
@@ -278,6 +278,7 @@ type property_contexts, file_type;
 
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
 allow sysfs_type sysfs:filesystem associate;
 allow debugfs_type { debugfs debugfs_tracing }:filesystem associate;
 allow file_type labeledfs:filesystem associate;
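Review bot: The added `allow cgroup tmpfs:filesystem associate;` carries no comment explaining why a cgroup-labeled object has to sit on a tmpfs-labeled filesystem, and the generic comment above the group ("their appropriate filesystems") does not cover this cross-type case. Type enforcement cannot limit the rule to one path, so it applies to any object labeled `cgroup` on any filesystem labeled `tmpfs`, not only the /dev/memcg mount point named in the commit message. Judging by the quoted denial (comm="init", name="memcg"), the need appears to be the mount-point directory itself. I would record that directly above the rule, for example `# /dev/memcg: cgroup-labeled mount point on a tmpfs-labeled filesystem (b/64067152).`, so a later policy audit can tell the grant is intentional and revisit it if the mount point moves.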
-- 
GitLab