File 1236535-cgroup_dirs_functions.diff of Package selinux-policy
commit 995ce128f3a6fda60ea46a307636333d03701cb2
Author: Zdenek Pytela <zpytela@redhat.com>
Date: Fri Jul 4 20:07:05 2025 +0200
Add fs_write_cgroup_dirs() and fs_setattr_cgroup_dirs() interfaces
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 8738ceed0..4853c99de 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -829,6 +829,42 @@ interface(`fs_list_cgroup_dirs',`
dev_search_sysfs($1)
')
+########################################
+## <summary>
+## write cgroup directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_write_cgroup_dirs',`
+ gen_require(`
+ type cgroup_t;
+ ')
+
+ allow $1 cgroup_t:dir write;
+')
+
+########################################
+## <summary>
+## setattr cgroup directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_setattr_cgroup_dirs',`
+ gen_require(`
+ type cgroup_t;
+ ')
+
+ allow $1 cgroup_t:dir setattr;
+')
+
#######################################
## <summary>
## Do not audit attempts to search cgroup directories.
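Review bot: The doc blocks for `fs_write_cgroup_dirs` and `fs_setattr_cgroup_dirs` do not say that each interface grants one bare permission on `cgroup_t:dir` and nothing needed to reach the directory. Unlike `fs_list_cgroup_dirs`, whose body ends with `dev_search_sysfs($1)` at the top of this hunk, neither new interface grants search on sysfs or on cgroup directories, and `write` comes without `add_name`/`remove_name`, so callers must pair these with a search or list interface. I would capitalise the summaries to match the neighbouring ones and spell this out, e.g. `## Write cgroup directories (dir write only; callers need search access from another interface).` and `## Set attributes of cgroup directories (dir setattr only).` Because setattr covers ownership and mode changes, which is presumably how control of a cgroup subtree gets handed to another user, the second summary should also say that the interface is meant only for domains that manage cgroups.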