From 8266424bcb66f1dc5ddba2e0ca8852b2c0542b39 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Thu, 5 Jan 2017 11:40:32 +0100
Subject: [PATCH] systemd_cgroups_t: fix denials

---
 policy/modules/system/systemd.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 4bd7f9b3c..395f62cd7 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -185,6 +185,10 @@ fs_register_binary_executable_type(systemd_binfmt_t)
 kernel_domtrans_to(systemd_cgroups_t, systemd_cgroups_exec_t)
 kernel_dgram_send(systemd_cgroups_t)
 
+selinux_getattr_fs(systemd_cgroups_t)
+
+# write to /run/systemd/cgroups-agent
+init_dgram_send(systemd_cgroups_t)
 init_stream_connect(systemd_cgroups_t)
 
 systemd_log_parse_environment(systemd_cgroups_t)