commit:     8f8722e0e188680bf9d1bc518e515685cd424667
Author:     Dominick Grift <dac.override <AT> gmail <DOT> com>
AuthorDate: Thu Apr 28 10:06:40 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 13 05:07:33 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8f8722e0

Update refpolicy to handle hwloc

The Portable Hardware Locality (hwloc) software package provides a
portable abstraction (across OS, versions, architectures, ...) of the
hierarchical topology of modern architectures, including NUMA memory
nodes, sockets, shared caches, cores and simultaneous multithreading. It
also gathers various system attributes such as cache and memory
information as well as the locality of I/O devices such as network
interfaces, InfiniBand HCAs or GPUs.

Following changes enable:
- add interface to change dirs in /var/run
- add optional policies for hwloc-dump-hwdata

V3:
Remove files_rw_pid_dirs()
Call hwloc_admin(sysadm_t) instead of hwloc_manage_runtime(sysadm_t)
Adjust calls to renamed hwloc dhwd run and exec interfaces

Signed-off-by: Dominick Grift <dac.override <AT> gmail.com>

 policy/modules/roles/sysadm.te      | 5 +++++
 policy/modules/system/userdomain.if | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 6c46905..e9e3e43 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -458,6 +458,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+       hwloc_admin(sysadm_t)
+       hwloc_run_dhwd(sysadm_t, sysadm_r)
+')
+
+optional_policy(`
        howl_admin(sysadm_t, sysadm_r)
 ')
 

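Review bot: The added block in sysadm.te calls `hwloc_admin(sysadm_t)`, which the V3 notes say replaces the narrower `hwloc_manage_runtime(sysadm_t)`, but the commit message does not say what the admin interface grants beyond runtime file management or why sysadm_t needs it. A sentence on that in the message would let a reader check the grant against least privilege without opening the hwloc module, which is not among the two files in this patch. As a style point, the new block is inserted above the `howl_admin` block; if the optional_policy blocks in this file are kept in alphabetical order by module, `hwloc` sorts after `howl` and the block belongs one position lower.
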
diff --git a/policy/modules/system/userdomain.if 
b/policy/modules/system/userdomain.if
index e341a1c..9284808 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -645,6 +645,11 @@ template(`userdom_common_user_template',`
        ')
 
        optional_policy(`
+               hwloc_exec_dhwd($1_t)
+               hwloc_read_runtime_files($1_t)
+       ')
+
+       optional_policy(`
                inetd_use_fds($1_t)
                inetd_rw_tcp_sockets($1_t)
        ')
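
Review bot: The two calls added to `userdom_common_user_template` apply to every user domain built from that template, and the commit message's change list does not mention user domains at all. `hwloc_exec_dhwd($1_t)` follows the refpolicy naming for executing a program in the caller's own domain, in contrast to the `hwloc_run_dhwd(sysadm_t, sysadm_r)` call given to sysadm, so ordinary users would run hwloc-dump-hwdata without a transition into a confined domain. If user domains only need to consume the data the tool produces, `hwloc_read_runtime_files($1_t)` alone would be the narrower grant; otherwise please state in the message why exec access is required for all common users.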
