From 73f09850922634a916e263ee9b43029a4186e43c Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Jun 08 2010 12:38:29 +0000
Subject: How libgroup init scripts interact with libcgroup.


The libcgroup init scripts use tools in /usr/bin like cgexec and cgclear.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>

---

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 5369637..62c1c0d 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -343,6 +343,9 @@ files_mounton_isid_type_dirs(initrc_t)
 files_list_default(initrc_t)
 files_mounton_default(initrc_t)
 
+fs_delete_cgroup_dirs(initrc_t)
+fs_list_cgroup_dirs(initrc_t) 
+fs_rw_cgroup_files(initrc_t)
 fs_list_inotifyfs(initrc_t)
 fs_register_binary_executable_type(initrc_t)
 # rhgb-console writes to ramfs
@@ -572,6 +575,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	cgroup_stream_connect(initrc_t)
+')
+
+optional_policy(`
 	clamav_read_config(initrc_t)
 ')