RepoMirrors/selinux-refpolicy
1
0
Fork 0
mirror of https://github.com/SELinuxProject/refpolicy synced 2025-02-24 00:16:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add interfaces to read/write /proc/sys/vm/overcommit_memory

Browse Source
This commit is contained in:
Laurent Bigonville 2015-12-11 14:03:36 +01:00 committed by Chris PeBenito
parent 6b1b2e3965
commit 4340b9f8a4
1 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
policy/modules/kernel/kernel.if
View File

@ -3323,3 +3323,43 @@ interface(`kernel_unconfined',`
typeattribute $1 kern_unconfined;
kernel_load_module($1)
')
########################################
## <summary>
## Read virtual memory overcommit sysctl.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_read_vm_overcommit_sysctl',`
gen_require(`
type sysctl_vm_overcommit_t;
')
kernel_search_vm_sysctl($1)
allow $1 sysctl_vm_overcommit_t:file read_file_perms;
')
########################################
## <summary>
## Read and write virtual memory overcommit sysctl.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`kernel_rw_vm_overcommit_sysctl',`
gen_require(`
type sysctl_vm_overcommit_t;
')
kernel_search_vm_sysctl($1)
allow $1 sysctl_vm_overcommit_t:file rw_file_perms;
')