path: root/rootdir/init.rc
diff options
authorMartijn Coenen <>2016-02-08 11:42:25 +0100
committerMartijn Coenen <>2016-02-08 11:45:27 +0100
commit623b56af5da59fb57abcb2d984762669c82f57e9 (patch)
tree77bb9cbf8a409a2f264ca8b459854f3b670a813f /rootdir/init.rc
parent23419e3926459896c5b22666659fd72da2fca63d (diff)
Fix libprocessgroup SELinux denials.
libprocessgroup checks whether it can use memory cgroups for keeping track of forked processes by seeing whether /dev/memcg/apps is writable. However, on systems with memory cgroups disabled, SELinux (correctly) no longer classifies this directory as a cgroup, and starts denying zygote access. To fix this, first check whether /dev/memcg/apps/tasks exists to see if the cgroup is mounted; only then check whether we can write to the directory. Bug: 27046965 Change-Id: I6e44cd62d8c396e20ceb162c50606b3e86f2cb3e
Diffstat (limited to 'rootdir/init.rc')
1 files changed, 1 insertions, 1 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index e2ffe5db0..faae48efb 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -85,7 +85,7 @@ on init
# root memory control cgroup, used by lmkd
mkdir /dev/memcg 0700 root system
mount cgroup none /dev/memcg memory
- # app mem cgroups, used by activity manager and lmkd
+ # app mem cgroups, used by activity manager, lmkd and zygote
mkdir /dev/memcg/apps/ 0755 system system
write /proc/sys/kernel/panic_on_oops 1