From: dac.override@gmail.com (Dominick Grift)
Date: Thu, 10 Dec 2015 17:10:02 +0100
Subject: [refpolicy] [PATCH] kernel: implement sysctl_vm_overcommit_t
 for /proc/sys/vm/overcommit_memory
In-Reply-To: <1449763707-7084-1-git-send-email-dac.override@gmail.com>
References: <1449763707-7084-1-git-send-email-dac.override@gmail.com>
Message-ID: <20151210161001.GJ22216@x250>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, Dec 10, 2015 at 05:08:27PM +0100, Dominick Grift wrote:
> Whoever requires this type first gets to create the interfaces to operate on this object

untested but should work i suppose

> 
> Signed-off-by: Dominick Grift <dac.override@gmail.com>
> ---
>  policy/modules/kernel/kernel.te | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
> index 309f3e0..28f84ff 100644
> --- a/policy/modules/kernel/kernel.te
> +++ b/policy/modules/kernel/kernel.te
> @@ -153,6 +153,9 @@ genfscon proc /sys/net/unix gen_context(system_u:object_r:sysctl_net_unix_t,s0)
>  type sysctl_vm_t, sysctl_type;
>  genfscon proc /sys/vm gen_context(system_u:object_r:sysctl_vm_t,s0)
>  
> +type sysctl_vm_overcommit_t, sysctl_type;
> +genfscon proc /sys/vm/overcommit_memory gen_context(system_u:object_r:sysctl_vm_overcommit_t,s0)
> +
>  # /proc/sys/dev directory and files
>  type sysctl_dev_t, sysctl_type;
>  genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
> -- 
> 2.5.0
> 

- -- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
https://sks-keyservers.net/pks/lookup?op=get&search=0x314883A202DFF788
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCgAGBQJWaaPUAAoJENAR6kfG5xmcrJAL/iZ3nItYYvjdTB/qJD2SwKja
E1A5OYdUJv1Ka3b8qn9Xy1YiOm6KbdD8duKWGQ1YjRtBsb7x7aQURSEpgj7ewo1V
96Rw6IxdpDugnxVDdr9rj/sHdNUp2bq8ppBY94M76khLgvhXj5DyDs1xvjOiy4Uy
L+C9vptLxSAYaRs7NBvpSPmBpvvrGmXYT9vsOiA3m1Jo0gT2KwZRsHvFctloK9aA
8JrBWAcg/GPgN/zpaNpomfqyVlAVPDNlW3SYrLT3Hk3fSART9nsUzU96HX+95p7d
PVjcmI28XmyCtPw8JIUB1cMUNxZeQQeftUsYdT0goElMxwaDmWRiE01qteMw/Wi5
ypHTwb8PY5h4DSp+XUmmOWPPCcABW4asbyy7pbVIM7wnRfybLIjgq50/e/VTcoRI
zyi6+Regwdf6rtmiJ+MY8226/fYXEdfvBcAFDKawbRWXze+1U01nRnpN/kzeL8/k
ta4ZnorR+UTWXEoTrNo8pc9gPQz08x0L8fWnrz+jzg==
=gX9x
-----END PGP SIGNATURE-----