From 5dcaa67b6fcb25004b0126f6fda49762811da507 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Wed, 26 Jul 2017 10:19:33 -0700
Subject: [PATCH] cgroup: allow associate to tmpfs

Allows groups to be mounted at /dev/memcg
Addresses: avc: denied { associate } for comm="init" name="memcg" scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0 tclass=filesystem permissive=0
Bug: 64067152
Test: build
Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc
---
 public/file.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/file.te b/public/file.te
index 437c361e6..01b6cf206 100644
--- a/public/file.te
+++ b/public/file.te
@@ -278,6 +278,7 @@ type property_contexts, file_type;
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
 allow sysfs_type sysfs:filesystem associate;
 allow debugfs_type { debugfs debugfs_tracing }:filesystem associate;
 allow file_type labeledfs:filesystem associate;
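Review bot: The added `allow cgroup tmpfs:filesystem associate;` carries no comment naming the object that needs it, and the grant is type-wide: any object labeled `cgroup` may now be associated with any filesystem labeled `tmpfs`, not only the one mount point in the quoted denial. Going by the commit message the only intended case is `/dev/memcg`, so I would record that directly above the rule, e.g. `# /dev/memcg is a cgroup-labeled mount point on a tmpfs-labeled filesystem.` Because the rule lives in public/file.te it presumably becomes part of the policy that other partitions build against, so it is worth confirming the broader association is acceptable rather than giving the mount point a dedicated type. The change is listed as build-tested only; a boot check that the avc denial no longer appears would confirm the rule is both sufficient and necessary.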