cgroup: allow associate to tmpfs
Allows groups to be mounted at /dev/memcg
Addresses:
avc: denied { associate } for comm="init" name="memcg"
scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0
tclass=filesystem permissive=0
Bug: 64067152
Test: build
Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc
This commit is contained in:
Jeff Vander Stoep
parent
a4cada7439
commit
5dcaa67b6f
1 changed files with 1 additions and 0 deletions
|
|
@ -278,6 +278,7 @@ type property_contexts, file_type;
|
|||
|
||||
# Allow files to be created in their appropriate filesystems.
|
||||
allow fs_type self:filesystem associate;
|
||||
allow cgroup tmpfs:filesystem associate;
|
||||
allow sysfs_type sysfs:filesystem associate;
|
||||
allow debugfs_type { debugfs debugfs_tracing }:filesystem associate;
|
||||
allow file_type labeledfs:filesystem associate;
|
||||
|
|
|
|||
Loading…
Reference in a new issue