container: add tunable to allow containers to use huge pages

Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-10-01 13:58:49 -04:00 · 2022-10-01 13:58:49 -04:00 · 9216a7a7f1
commit 9216a7a7f1
parent dc66fd7238
1 changed files with 11 additions and 0 deletions
--- a/policy/modules/services/container.te
+++ b/policy/modules/services/container.te
@ -44,6 +44,13 @@ gen_tunable(container_spc_create_nfs_servers, false)
 ## </desc>
 gen_tunable(container_use_ecryptfs, false)

+## <desc>
+##	<p>
+##	Allow containers to use huge pages.
+##	</p>
+## </desc>
+gen_tunable(container_use_hugetlbfs, false)
+
 ## <desc>
 ##	<p>
 ##	Allow containers to use NFS filesystems.
@ -306,6 +313,10 @@ tunable_policy(`container_use_ecryptfs',`
 	fs_list_ecryptfs(container_domain)
 ')

+tunable_policy(`container_use_hugetlbfs',`
+	fs_mmap_rw_hugetlbfs_files(container_t)
+')
+
 tunable_policy(`container_use_nfs',`
 	fs_manage_nfs_dirs(container_domain)
 	fs_manage_nfs_files(container_domain)