From 3f4e3181cf8671917b34d20f9276ebf2328c1499 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 26 Jul 2017 10:19:33 -0700
Subject: [PATCH] cgroup: allow associate to tmpfs

Allows cgroups to be mounted at /dev/memcg

Addresses:
avc: denied { associate } for comm="init" name="memcg"
scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0
tclass=filesystem permissive=0

Bug: 64067152
Test: build
Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc
---
 public/file.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/file.te b/public/file.te
index 72f22feea..bcdc4612b 100644
--- a/public/file.te
+++ b/public/file.te
@@ -324,6 +324,7 @@ type vndservice_contexts_file, file_type;
 
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
 allow sysfs_type sysfs:filesystem associate;
 allow debugfs_type { debugfs debugfs_tracing }:filesystem associate;
 allow file_type labeledfs:filesystem associate;
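Review bot: The added `allow cgroup tmpfs:filesystem associate;` is the only rule in this group written for a single type rather than an attribute, and it has no comment explaining why a cgroup-labeled object sits on a tmpfs filesystem. Going by the commit message and the quoted denial (comm="init", name="memcg"), the case is the memcg directory under /dev, so a line such as `# /dev/memcg: cgroup-labeled mount point created by init on tmpfs.` above the rule would show it is a narrow exception. As written, the rule lets any object labeled cgroup associate with any filesystem labeled tmpfs, which is wider than the one directory in the denial; that is probably acceptable, but worth stating in the comment. The commit lists only `Test: build`, so it would help to confirm on a device that the quoted avc denial no longer appears.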
-- 
GitLab