From 73f09850922634a916e263ee9b43029a4186e43c Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Mon, 7 Jun 2010 20:25:59 +0200
Subject: [PATCH] How libgroup init scripts interact with libcgroup.

The libcgroup init scripts use tools in /usr/bin like cgexec and cgclear.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
---
 policy/modules/system/init.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 53696379c..62c1c0d93 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -343,6 +343,9 @@ files_mounton_isid_type_dirs(initrc_t)
 files_list_default(initrc_t)
 files_mounton_default(initrc_t)
 
+fs_delete_cgroup_dirs(initrc_t)
+fs_list_cgroup_dirs(initrc_t) 
+fs_rw_cgroup_files(initrc_t)
 fs_list_inotifyfs(initrc_t)
 fs_register_binary_executable_type(initrc_t)
 # rhgb-console writes to ramfs
@@ -571,6 +574,10 @@ optional_policy(`
 	bluetooth_read_config(initrc_t)
 ')
 
+optional_policy(`
+	cgroup_stream_connect(initrc_t)
+')
+
 optional_policy(`
 	clamav_read_config(initrc_t)
 ')