commit:     1c1afe0de1dcbd230f92d856769bd9adb176e1d1
Author:     Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Fri Jan  6 13:18:24 2017 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 18:39:46 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1c1afe0d

Use genfscon to label /sys/devices/system/cpu/online as cpu_online_t

Since 8e01472078763ebc1eaea089a1adab75dd982ccd, it's possible to use
genfscon for sysfs.

This patch should help to deprecate distribution-specific calls to
restorecon or tmpfiles to restore /sys/devices/system/cpu/online during
boot.

Thanks to Dominick for the tip.

 policy/modules/kernel/devices.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 9b1f207..67515ad 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -66,6 +66,7 @@ dev_node(cpu_device_t)
 type cpu_online_t, sysfs_types;
 files_type(cpu_online_t)
 dev_associate_sysfs(cpu_online_t)
+genfscon sysfs /devices/system/cpu/online 
gen_context(system_u:object_r:cpu_online_t,s0)
 
 #
 # Type for /dev/crash
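
Review bot: The added genfscon statement has no comment recording the kernel dependency that the commit message names (8e01472078763ebc1eaea089a1adab75dd982ccd). Per that message, genfscon for sysfs only became possible with that change, so a system on an older kernel would still depend on the distribution's restorecon or tmpfiles step to get cpu_online_t on /sys/devices/system/cpu/online. A one-line comment above the statement noting this would keep someone from dropping the fallback too early. Separately, the added line is split in two as shown here, and the second half (gen_context(system_u:object_r:cpu_online_t,s0)) has no leading "+", although the diffstat reports a single insertion. The patch should be resent unwrapped so it applies cleanly.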
