From 3eadbdbc7ce1752556136f24142dd5f291abc1f6 Mon Sep 17 00:00:00 2001
From: John Turner
Date: Tue, 12 Aug 2025 15:35:36 -0400
Subject: move into cgroupseclabelfs
---
 src/fs/seclabelfs/cgroupseclabelfs.cil | 18 +++++++++++++-----
 src/misc.cil | 11 -----------
 2 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/src/fs/seclabelfs/cgroupseclabelfs.cil b/src/fs/seclabelfs/cgroupseclabelfs.cil
index d2931b0..18266a1 100644
--- a/src/fs/seclabelfs/cgroupseclabelfs.cil
+++ b/src/fs/seclabelfs/cgroupseclabelfs.cil
@@ -2,10 +2,18 @@
 ;; SPDX-License-Identifier: Unlicense
 (block cgroup
+ (filecon "/sys/fs/cgroup" dir fs_context)
+ (filecon "/sys/fs/cgroup/.*" any ())
- (genfscon "cgroup" "/" fs_context)
- (genfscon "cgroup2" "/" fs_context)
+ (allow fs self (filesystem (associate)))
- (blockinherit .fs.macro_template_dirs)
- (blockinherit .fs.macro_template_files)
- (blockinherit .seclabelfs.template))
+ (call .rbacsep.exempt.obj.type (fs))
+
+ (call .sys.associate_fs (fs))
+
+ (genfscon "cgroup" "/" fs_context)
+ (genfscon "cgroup2" "/" fs_context)
+
+ (blockinherit .fs.macro_template_dirs)
+ (blockinherit .fs.macro_template_files)
+ (blockinherit .seclabelfs.template))
diff --git a/src/misc.cil b/src/misc.cil
index d0d6af4..a537370 100644
--- a/src/misc.cil
+++ b/src/misc.cil
@@ -3,17 +3,6 @@
 (sidcontext init (sys.id sys.role sys.subj sys.lowlow)) ;; userspace_initial_context
-(in cgroup
-
- (filecon "/sys/fs/cgroup" dir fs_context)
- (filecon "/sys/fs/cgroup/.*" any ())
-
- (allow fs self (filesystem (associate)))
-
- (call .rbacsep.exempt.obj.type (fs))
-
- (call .sys.associate_fs (fs)))
-
 (in conf
 (filecon "/etc" dir file_context)
-- 
cgit v1.2.3
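Review bot: In the src/fs/seclabelfs/cgroupseclabelfs.cil hunk, the added `(filecon "/sys/fs/cgroup/.*" any ())` and `(call .rbacsep.exempt.obj.type (fs))` lines arrive without any comment, and both are policy decisions an auditor will want explained. The empty context `()` is easy to misread as an omission rather than a deliberate "assign no file context below the mount point", so I would put something like `;; empty context on purpose: nothing below /sys/fs/cgroup is labelled from file contexts` above it. The rbacsep macro is defined outside this diff, so its exact effect cannot be confirmed here, but by its name it exempts the `fs` type from a separation rule; a one-line rationale such as `;; fs is exempt from RBAC separation because <reason>` would make that exemption reviewable. It would also help to note next to `(allow fs self (filesystem (associate)))` whether `.sys.associate_fs` is still needed in addition, since the two sit side by side with no explanation of how they differ.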