From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 10 Dec 2015 15:47:12 -0500 Subject: [refpolicy] [PATCH] kernel: implement sysctl_vm_overcommit_t for /proc/sys/vm/overcommit_memory In-Reply-To: <1449763707-7084-1-git-send-email-dac.override@gmail.com> References: <1449763707-7084-1-git-send-email-dac.override@gmail.com> Message-ID: <5669E4D0.2080302@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/10/2015 11:08 AM, Dominick Grift wrote: > Whoever requires this type first gets to create the interfaces to operate on this object > > Signed-off-by: Dominick Grift > --- > policy/modules/kernel/kernel.te | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te > index 309f3e0..28f84ff 100644 > --- a/policy/modules/kernel/kernel.te > +++ b/policy/modules/kernel/kernel.te > @@ -153,6 +153,9 @@ genfscon proc /sys/net/unix gen_context(system_u:object_r:sysctl_net_unix_t,s0) > type sysctl_vm_t, sysctl_type; > genfscon proc /sys/vm gen_context(system_u:object_r:sysctl_vm_t,s0) > > +type sysctl_vm_overcommit_t, sysctl_type; > +genfscon proc /sys/vm/overcommit_memory gen_context(system_u:object_r:sysctl_vm_overcommit_t,s0) > + > # /proc/sys/dev directory and files > type sysctl_dev_t, sysctl_type; > genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
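Review bot: the added genfscon line for /sys/vm/overcommit_memory takes that file out of sysctl_vm_t, but the hunk declares sysctl_vm_overcommit_t without any interface to reach it. Any domain whose access to overcommit_memory came from rules on sysctl_vm_t loses that access once this label applies, and only rules written against the sysctl_type attribute still cover the file. Suggest adding read and read/write interfaces for the new type in kernel.if in the same change, rather than leaving them to whoever needs the type first. A one-line comment above the `type sysctl_vm_overcommit_t, sysctl_type;` declaration, in the style of the neighbouring `# /proc/sys/dev directory and files`, would also record why this single file is split out from the rest of /proc/sys/vm.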