2009-10-26 14:19:42

by domg472

[permalink] [raw]
Subject: [refpolicy] [ tuned patch 1/1] Fixes for tuned domain.

tuned.te: Style fixes.
tuned.if: Add description.
tuned.if: Remove obsolete tuned_initrc_exec_t type requirement.

Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 25b2435... 271a341... M policy/modules/services/tuned.if
:100644 100644 b54ead0... d4f5702... M policy/modules/services/tuned.te
policy/modules/services/tuned.if | 10 +++++++++-
policy/modules/services/tuned.te | 4 ++--
2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/policy/modules/services/tuned.if b/policy/modules/services/tuned.if
index 25b2435..271a341 100644
--- a/policy/modules/services/tuned.if
+++ b/policy/modules/services/tuned.if
@@ -1,4 +1,13 @@
## <summary>Dynamic adaptive system tuning daemon</summary>
+## <desc>
+## <p>
+## The tuned package contains a daemon that tunes system settings dynamically.
+## It does so by monitoring the usage of several system components periodically.
+## Based on that information components will then be put into lower or higher
+## power saving modes to adapt to the current usage. Currently only ethernet
+## network and ATA harddisk devices are implemented.
+## </p>
+## </desc>

########################################
## <summary>
@@ -113,7 +122,6 @@ interface(`tuned_initrc_domtrans',`
interface(`tuned_admin',`
gen_require(`
type tuned_t, tuned_var_run_t;
- type tuned_initrc_exec_t;
')

allow $1 tuned_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/tuned.te b/policy/modules/services/tuned.te
index b54ead0..d4f5702 100644
--- a/policy/modules/services/tuned.te
+++ b/policy/modules/services/tuned.te
@@ -28,16 +28,16 @@ files_pid_filetrans(tuned_t, tuned_var_run_t, file)

corecmd_exec_shell(tuned_t)

-kernel_read_system_state(tuned_t)
kernel_read_network_state(tuned_t)
+kernel_read_system_state(tuned_t)

dev_read_sysfs(tuned_t)
# to allow cpu tuning
dev_rw_netcontrol(tuned_t)

+files_dontaudit_search_home(tuned_t)
files_read_etc_files(tuned_t)
files_read_usr_files(tuned_t)
-files_dontaudit_search_home(tuned_t)

miscfiles_read_localization(tuned_t)

--
1.6.5.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20091026/c9d903f1/attachment.bin