From ab3afa4143e5d84daaa27a11743af3a6eb09c3df Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Thu, 23 Dec 2021 10:52:01 +0100
Subject: [PATCH] Allow haproxy get attributes of cgroup filesystems

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/ab3afa4143e5d84daaa27a11743af3a6eb09c3df
Conflict: NA

Resolves: rhbz#2035133
Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/rhcs.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/contrib/rhcs.te b/policy/modules/contrib/rhcs.te
index 3d9199e..b143e2b 100644
--- a/policy/modules/contrib/rhcs.te
+++ b/policy/modules/contrib/rhcs.te
@@ -665,6 +665,8 @@ dev_list_sysfs(haproxy_t)
 dev_read_rand(haproxy_t)
 dev_read_urand(haproxy_t)
 
+fs_getattr_cgroup(haproxy_t)
+
 sysnet_dns_name_resolve(haproxy_t)
 
 tunable_policy(`haproxy_connect_any',`
-- 
1.8.3.1