Addresses prerequisite for cgroup_seclabel

Only worls if the / of the cgroupfs is labeled with setxattr. systemd will apply this filecon. Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
author: Dominick Grift <dominick.grift@defensec.nl> 2023-08-22 14:18:18 +0200
committer: Dominick Grift <dominick.grift@defensec.nl> 2023-08-22 14:21:21 +0200
commit: 087abd9a356861e65e5489b1307dc1564c9e6f2b (patch)
tree: 146bf9c2116ed11b48e8a18b87da0b3b335a35c5
parent: 8ab4c6e0db1dd758830023e91cfcfc989af27ec7 (diff)
download: selinux-policy-087abd9a356861e65e5489b1307dc1564c9e6f2b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/misc.cil b/src/misc.cil
index 73c45aa..e9f423c 100644
--- a/src/misc.cil
+++ b/src/misc.cil
@@ -49,7 +49,7 @@
 
 (in cgroup
 
-    (filecon "/sys/fs/cgroup" dir ())
+    (filecon "/sys/fs/cgroup" dir fs_context)
     (filecon "/sys/fs/cgroup/.*" any ())
 
     (allow fs self (filesystem (associate)))
author	Dominick Grift <dominick.grift@defensec.nl>	2023-08-22 14:18:18 +0200
committer	Dominick Grift <dominick.grift@defensec.nl>	2023-08-22 14:21:21 +0200
commit	087abd9a356861e65e5489b1307dc1564c9e6f2b (patch)
tree	146bf9c2116ed11b48e8a18b87da0b3b335a35c5
parent	8ab4c6e0db1dd758830023e91cfcfc989af27ec7 (diff)
download	selinux-policy-087abd9a356861e65e5489b1307dc1564c9e6f2b.tar.gz