From: domg472@gmail.com (Dominick Grift) Date: Mon, 26 Oct 2009 15:19:42 +0100 Subject: [refpolicy] [ tuned patch 1/1] Fixes for tuned domain. Message-ID: <20091026141938.GA28422@notebook3.grift.internal> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com tuned.te: Style fixes. tuned.if: Add description. tuned.if: Remove obsolete tuned_initrc_exec_t type requirement. Signed-off-by: Dominick Grift --- :100644 100644 25b2435... 271a341... M policy/modules/services/tuned.if :100644 100644 b54ead0... d4f5702... M policy/modules/services/tuned.te policy/modules/services/tuned.if | 10 +++++++++- policy/modules/services/tuned.te | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/policy/modules/services/tuned.if b/policy/modules/services/tuned.if index 25b2435..271a341 100644 --- a/policy/modules/services/tuned.if +++ b/policy/modules/services/tuned.if @@ -1,4 +1,13 @@ ## Dynamic adaptive system tuning daemon +## +##

+## The tuned package contains a daemon that tunes system settings dynamically. +## It does so by monitoring the usage of several system components periodically. +## Based on that information components will then be put into lower or higher +## power saving modes to adapt to the current usage. Currently only ethernet +## network and ATA harddisk devices are implemented. +##

+## ######################################## ## @@ -113,7 +122,6 @@ interface(`tuned_initrc_domtrans',` interface(`tuned_admin',` gen_require(` type tuned_t, tuned_var_run_t; - type tuned_initrc_exec_t; ') allow $1 tuned_t:process { ptrace signal_perms }; diff --git a/policy/modules/services/tuned.te b/policy/modules/services/tuned.te index b54ead0..d4f5702 100644 --- a/policy/modules/services/tuned.te +++ b/policy/modules/services/tuned.te @@ -28,16 +28,16 @@ files_pid_filetrans(tuned_t, tuned_var_run_t, file) corecmd_exec_shell(tuned_t) -kernel_read_system_state(tuned_t) kernel_read_network_state(tuned_t) +kernel_read_system_state(tuned_t) dev_read_sysfs(tuned_t) # to allow cpu tuning dev_rw_netcontrol(tuned_t) +files_dontaudit_search_home(tuned_t) files_read_etc_files(tuned_t) files_read_usr_files(tuned_t) -files_dontaudit_search_home(tuned_t) miscfiles_read_localization(tuned_t) -- 1.6.5.1 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20091026/c9d903f1/attachment.bin