> This can't be fixed in policy. Policycoreutils should have an init script or
> systemd tmpfiles config file to set it.
I just retested myself and it's working with the kernel from unstable (apparently you need >= 4.2) and the following line:
genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)

So yes it can be solved in the policy.