cgroup: allow associate to tmpfs Allows groups to be mounted at /dev/memcg Addresses: avc: denied { associate } for comm="init" name="memcg" scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0 tclass=filesystem permissive=0 Bug: 64067152 Test: build Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc

commit: 5dcaa67b6fcb25004b0126f6fda49762811da507 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Wed Jul 26 10:19:33 2017 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Wed Jul 26 10:21:58 2017 -0700
tree: d3d4d8497ada87eec82b4f437893aaa4f01c0699
parent: a4cada74399f51a9e0fcf888cd1a9acfa285c679 [diff]
diff --git a/public/file.te b/public/file.te
index 437c361..01b6cf2 100644
--- a/public/file.te
+++ b/public/file.te

@@ -278,6 +278,7 @@
 
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
 allow sysfs_type sysfs:filesystem associate;
 allow debugfs_type { debugfs debugfs_tracing }:filesystem associate;
 allow file_type labeledfs:filesystem associate;
commit	5dcaa67b6fcb25004b0126f6fda49762811da507	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Wed Jul 26 10:19:33 2017 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Wed Jul 26 10:21:58 2017 -0700
tree	d3d4d8497ada87eec82b4f437893aaa4f01c0699
parent	a4cada74399f51a9e0fcf888cd1a9acfa285c679 [diff]