summaryrefslogtreecommitdiff
path: root/src/fs/seclabelfs/cgroupseclabelfs.cil
diff options
context:
space:
mode:
Diffstat (limited to 'src/fs/seclabelfs/cgroupseclabelfs.cil')
-rw-r--r--src/fs/seclabelfs/cgroupseclabelfs.cil18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/fs/seclabelfs/cgroupseclabelfs.cil b/src/fs/seclabelfs/cgroupseclabelfs.cil
index d2931b0..18266a1 100644
--- a/src/fs/seclabelfs/cgroupseclabelfs.cil
+++ b/src/fs/seclabelfs/cgroupseclabelfs.cil
@@ -2,10 +2,18 @@
;; SPDX-License-Identifier: Unlicense
(block cgroup
+ (filecon "/sys/fs/cgroup" dir fs_context)
+ (filecon "/sys/fs/cgroup/.*" any ())
- (genfscon "cgroup" "/" fs_context)
- (genfscon "cgroup2" "/" fs_context)
+ (allow fs self (filesystem (associate)))
- (blockinherit .fs.macro_template_dirs)
- (blockinherit .fs.macro_template_files)
- (blockinherit .seclabelfs.template))
+ (call .rbacsep.exempt.obj.type (fs))
+
+ (call .sys.associate_fs (fs))
+
+ (genfscon "cgroup" "/" fs_context)
+ (genfscon "cgroup2" "/" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .seclabelfs.template))
generated by cgit v1.2.3 (git 2.46.0) at 2025-09-20 14:36:33 +0000