Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/
Date: Thu, 17 Dec 2015 18:49:46
Message-Id: 1450365922.5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b.perfinion@gentoo
1 commit: 5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b
2 Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
3 AuthorDate: Fri Dec 11 13:03:36 2015 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu Dec 17 15:25:22 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5eb6ba4f
7
8 Add interfaces to read/write /proc/sys/vm/overcommit_memory
9
10 policy/modules/kernel/kernel.if | 40 ++++++++++++++++++++++++++++++++++++++++
11 1 file changed, 40 insertions(+)
12
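diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index df42fa3..5f2f78e 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -3341,3 +3341,43 @@ interface(`kernel_unconfined',`
 typeattribute $1 kern_unconfined;
 kernel_load_module($1)
 ')
+
+########################################
+## <summary>
+## Read virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_read_vm_overcommit_sysctl',`
+ gen_require(`
+ type sysctl_vm_overcommit_t;
+ ')
+
+ kernel_search_vm_sysctl($1)
+ allow $1 sysctl_vm_overcommit_t:file read_file_perms;
+')
+
+########################################
+## <summary>
+## Read and write virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_rw_vm_overcommit_sysctl',`
+ gen_require(`
+ type sysctl_vm_overcommit_t;
+ ')
+
+ kernel_search_vm_sysctl($1)
+ allow $1 sysctl_vm_overcommit_t:file rw_file_perms;
+')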
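Review bot: The summary of kernel_rw_vm_overcommit_sysctl does not tell a policy author that the write it grants is to a system-wide tunable. The overcommit mode governs memory allocation for every process, so a caller should use the read variant unless the domain really has to change it. I would spell that out in the summary, for example `## Read and write the virtual memory overcommit sysctl (/proc/sys/vm/overcommit_memory); the setting is system-wide.`, and name the path in the read interface's summary as well. Both interfaces gen_require sysctl_vm_overcommit_t, but the commit changes only kernel.if, so the type declaration and its labelling are not visible here. It is worth confirming which /proc/sys/vm entries carry that type, since that decides what rw_file_perms actually reaches.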