rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

How users interact with cgroup.

Browse Source 
All login users can list cgroup.
Common users can read and write cgroup files (access governed by dac)

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
This commit is contained in:
Dominick Grift 2010-06-07 20:27:41 +02:00 committed by Chris PeBenito
parent 73f0985092
commit e2b9add5f8
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/system/userdomain.if
View File

@ -542,6 +542,8 @@ template(`userdom_common_user_template',`
# Stat lost+found. # Stat lost+found.
files_getattr_lost_found_dirs($1_t) files_getattr_lost_found_dirs($1_t)
fs_rw_cgroup_files($1_t)
# cjp: some of this probably can be removed # cjp: some of this probably can be removed
selinux_get_fs_mount($1_t) selinux_get_fs_mount($1_t)
selinux_validate_context($1_t) selinux_validate_context($1_t)
@ -753,8 +755,10 @@ template(`userdom_login_user_template', `
fs_getattr_all_fs($1_t) fs_getattr_all_fs($1_t)
fs_getattr_all_dirs($1_t) fs_getattr_all_dirs($1_t)
fs_search_auto_mountpoints($1_t) fs_search_auto_mountpoints($1_t)
fs_list_cgroup_dirs($1_t)
fs_list_inotifyfs($1_t) fs_list_inotifyfs($1_t)
fs_rw_anon_inodefs_files($1_t) fs_rw_anon_inodefs_files($1_t)
fs_dontaudit_rw_cgroup_files($1_t)
auth_dontaudit_write_login_records($1_t) auth_dontaudit_write_login_records($1_t)