From 61c0f84dbc122fddd7a40d6f631686f060714284 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Wed, 14 Dec 2011 10:15:53 -0500
Subject: [PATCH] Add new labels for content under /sys/
---
 policy/modules/kernel/devices.fc | 1 +
 policy/modules/kernel/devices.te | 4 ++--
 policy/modules/kernel/kernel.fc | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index 26c13f29..2354089f 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -205,6 +205,7 @@ ifdef(`distro_redhat',`
 # /sys
 #
 /sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)
+/sys/devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
 /usr/lib/udev/devices(/.*)? gen_context(system_u:object_r:device_t,s0)
 /usr/lib/udev/devices/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 112bebba..8f727be3 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -226,8 +226,8 @@ fs_type(sysfs_t)
 genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
 type cpu_online_t;
-allow cpu_online_t sysfs_t:filesystem associate;
-genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+files_type(cpu_online_t)
+dev_associate_sysfs(cpu_online_t)
 #
 # Type for /dev/tpm
diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
index 7be4ddf7..f7021a00 100644
--- a/policy/modules/kernel/kernel.fc
+++ b/policy/modules/kernel/kernel.fc
@@ -1 +1,2 @@
-# This module currently does not have any file contexts.
+
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
--
2.47.3
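Review bot: The new `/sys/devices/system/cpu/online` entry in devices.fc only takes effect once something relabels /sys, while the `genfscon sysfs /devices/system/cpu/online` line removed in the devices.te hunk was meant to assign the label from the kernel side. sysfs is rebuilt on every boot, so until a relabel pass has run the node presumably still carries `sysfs_t`, and a domain granted access only to `cpu_online_t` would be denied in that window. A comment above the entry such as `# applied by restorecon at boot; sysfs keeps no persistent labels` would record that dependency. The entry also has no file-type field; `/sys/devices/system/cpu/online -- gen_context(system_u:object_r:cpu_online_t,s0)` would limit it to a regular file.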
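Review bot: `files_type(cpu_online_t)` in the devices.te hunk places a type that labels a single sysfs node into the general file-type attribute, so any rule written against all file types now covers it, and the type presumably becomes usable on ordinary filesystems as well. The removed `allow cpu_online_t sysfs_t:filesystem associate;` was narrower in that respect. If the attribute is there only so that relabeling tools can set the label, a comment saying so would help, e.g. `# files_type: needed so setfiles/restorecon may relabel this node`. The `type cpu_online_t;` declaration also lacks a header comment like the `# Type for /dev/tpm` block that follows it.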
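Review bot: Nothing visible in this patch lets `sysctl_net_t` associate with the sysfs filesystem, whereas the devices.te hunk adds `dev_associate_sysfs(cpu_online_t)` for the other new /sys label; unless that rule exists elsewhere, relabeling `/sys/class/net/ib.*` in kernel.fc would likely be denied. Reusing `sysctl_net_t` also means every domain already allowed to write network sysctls gets the same access to these interface attributes, and `ib.*` matches any interface name starting with "ib" and everything beneath it, so a dedicated type and a tighter pattern are worth considering. Entries under /sys/class/net are commonly symlinks, so the label may land on the link and not on the attributes behind it; that should be confirmed. The hunk removes the file's only comment, and a header such as `# /sys` with a one-line reason for the label would match devices.fc.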