From dea2090ac3b3d621e25010c81690b078b7d80f74 Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <me@concord.sh>
Date: Mon, 6 Mar 2023 10:40:53 -0500
Subject: [PATCH] logging: allow systemd-journald to list cgroups

Signed-off-by: Kenton Groombridge <me@concord.sh>
---
 policy/modules/system/logging.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index abd61e6bd..4b6d6dbef 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -548,6 +548,8 @@ ifdef(`init_systemd',`
 	domain_getattr_all_domains(syslogd_t)
 	domain_read_all_domains_state(syslogd_t)
 
+	fs_list_cgroup_dirs(syslogd_t)
+
 	init_create_runtime_dirs(syslogd_t)
 	init_daemon_runtime_file(syslogd_runtime_t, dir, "syslogd")
 	init_getattr(syslogd_t)