Add new labels for content under /sys/

diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index 26c13f295b27105bcfc8f4154e6b2415145d3378..2354089fe6eff2cd1f33cda7dbcfb4fce2eab1a0 100644 (file)
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -205,6 +205,7 @@ ifdef(`distro_redhat',`
 # /sys
 #
 /sys(/.*)?                     gen_context(system_u:object_r:sysfs_t,s0)
+/sys/devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
 
 /usr/lib/udev/devices(/.*)?            gen_context(system_u:object_r:device_t,s0)
 /usr/lib/udev/devices/lp.*     -c      gen_context(system_u:object_r:printer_device_t,s0)

diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 112bebba737fc00c21a5b474263bd505b3d24392..8f727be38790be3beb2df815454de53f59023e7d 100644 (file)
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -226,8 +226,8 @@ fs_type(sysfs_t)
 genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
 
 type cpu_online_t;
-allow cpu_online_t sysfs_t:filesystem associate;
-genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+files_type(cpu_online_t)
+dev_associate_sysfs(cpu_online_t)
 
 #
 # Type for /dev/tpm

diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
index 7be4ddf74d1ad2d8a6637563e88bc3146a2a96b6..f7021a0083c2466cf254c9df7259e77aa345dbbc 100644 (file)
--- a/policy/modules/kernel/kernel.fc
+++ b/policy/modules/kernel/kernel.fc
@@ -1 +1,2 @@
-# This module currently does not have any file contexts.
+
+/sys/class/net/ib.*            gen_context(system_u:object_r:sysctl_net_t,s0)