## Patch adding interfaces for interacting with the cgroup filesystem. ## ##

## Add interfaces that allow interaction with cgroupfs ## for initrc (cgconfig) and for cgrulesengd. ##

##
########################################
## <summary>
##	Mount a cgroup filesystem.
## </summary>
## <desc>
##	<p>
##	Grants only the mount permission on the
##	cgroup_t filesystem class; remount and unmount
##	are separate interfaces.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_mount_cgroup_fs',`
	gen_require(`
		type cgroup_t;
	')

	allow $1 cgroup_t:filesystem mount;
')

########################################
## <summary>
##	Remount a cgroup filesystem. This allows
##	some mount options to be changed.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_remount_cgroup_fs',`
	gen_require(`
		type cgroup_t;
	')

	allow $1 cgroup_t:filesystem remount;
')

########################################
## <summary>
##	Unmount a cgroup filesystem.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_unmount_cgroup_fs',`
	gen_require(`
		type cgroup_t;
	')

	allow $1 cgroup_t:filesystem unmount;
')

########################################
## <summary>
##	Read and write files on cgroup
##	file systems.
## </summary>
## <desc>
##	<p>
##	Combines the read-write file pattern on cgroup_t
##	with an explicit directory search grant. Prefer
##	fs_write_cgroup_files or fs_search_cgroup_dirs
##	when the calling domain does not need to read
##	file contents.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_rw_cgroup_files',`
	gen_require(`
		type cgroup_t;
	')

	rw_files_pattern($1, cgroup_t, cgroup_t)
	fs_search_cgroup_dirs($1)
')

########################################
## <summary>
##	Set attributes of files on cgroup
##	file systems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_setattr_cgroup_files',`
	gen_require(`
		type cgroup_t;
	')

	setattr_files_pattern($1, cgroup_t, cgroup_t)
	fs_search_cgroup_dirs($1)
')

########################################
## <summary>
##	Manage dirs on cgroup
##	file systems.
## </summary>
## <desc>
##	<p>
##	This is the broadest directory grant in this
##	group of interfaces. The patch description
##	names an init script and a rules engine daemon
##	as the intended callers; review any other
##	domain that is given this access.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_manage_cgroup_dirs',`
	gen_require(`
		type cgroup_t;
	')

	manage_dirs_pattern($1, cgroup_t, cgroup_t)
')

########################################
## <summary>
##	Search dirs on cgroup
##	file systems.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_search_cgroup_dirs',`
	gen_require(`
		type cgroup_t;
	')

	allow $1 cgroup_t:dir search;
')

########################################
## <summary>
##	Write files on cgroup
##	file systems.
## </summary>
## <desc>
##	<p>
##	Write-only counterpart of fs_rw_cgroup_files:
##	applies the write file pattern on cgroup_t and
##	adds the directory search grant.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fs_write_cgroup_files',`
	gen_require(`
		type cgroup_t;
	')

	write_files_pattern($1, cgroup_t, cgroup_t)
	fs_search_cgroup_dirs($1)
')