src/fs/seclabelfs/cgroupseclabelfs.cil


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

;; SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

(block cgroup
    (filecon "/sys/fs/cgroup" dir fs_context)
    (filecon "/sys/fs/cgroup/.*" any ())

    (allow fs self (filesystem (associate)))

    (call .rbacsep.exempt.obj.type (fs))

    (call .sys.associate_fs (fs))
    
    (genfscon "cgroup" "/" fs_context)
    (genfscon "cgroup2" "/" fs_context)

    (blockinherit .fs.macro_template_dirs)
    (blockinherit .fs.macro_template_files)
    (blockinherit .seclabelfs.template))