From: dac.override@gmail.com (Dominick Grift)
Date: Thu, 28 Apr 2016 12:06:40 +0200
Subject: [refpolicy] [PATCH V3 RESENT] Update refpolicy to handle hwloc
In-Reply-To: <1461770515-13153-1-git-send-email-grzegorz.andrejczuk@intel.com>
References: <1461770515-13153-1-git-send-email-grzegorz.andrejczuk@intel.com>
Message-ID: <1461838000-6860-1-git-send-email-dac.override@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The Portable Hardware Locality (hwloc) software package provides a portable abstraction (across OS, versions, architectures, ...) of the hierarchical topology of modern architectures, including NUMA memory nodes, sockets, shared caches, cores and simultaneous multithreading. It also gathers various system attributes such as cache and memory information as well as the locality of I/O devices such as network interfaces, InfiniBand HCAs or GPUs.

Following changes enable:
- add interface to change dirs in /var/run
- add optional policies for hwloc-dump-hwdata

V3:
Remove files_rw_pid_dirs()
Call hwloc_admin(sysadm_t) instead of hwloc_manage_runtime(sysadm_t)
Adjust calls to renamed hwloc dhwd run and exec interfaces

Signed-off-by: Dominick Grift
---
 policy/modules/roles/sysadm.te | 5 +++++
 policy/modules/system/userdomain.if | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index ceaa4cb..5bbb52c 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -458,6 +458,11 @@ optional_policy(` ') optional_policy(` + hwloc_admin(sysadm_t) + hwloc_run_dhwd(sysadm_t, sysadm_r) +') + +optional_policy(` howl_admin(sysadm_t, sysadm_r) ') diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index cbb6e09..d604147 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if 
@@ -619,6 +619,11 @@ template(`userdom_common_user_template',` ') optional_policy(` + hwloc_exec_dhwd($1_t) + hwloc_read_runtime_files($1_t) + ') + + optional_policy(` inetd_use_fds($1_t) inetd_rw_tcp_sockets($1_t) ') -- 2.5.5
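
Review bot: in the sysadm.te hunk, hwloc_admin(sysadm_t) is called with a single argument while the neighbouring howl_admin(sysadm_t, sysadm_r) passes both domain and role. Please confirm this matches the hwloc_admin signature in the hwloc module, which is not part of this patch; as written, the role is only supplied through hwloc_run_dhwd(sysadm_t, sysadm_r). The commit message also still lists "add interface to change dirs in /var/run", although the V3 notes say files_rw_pid_dirs() was removed and the diffstat touches only sysadm.te and userdomain.if, so that bullet should be dropped.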
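
Review bot: in the userdomain.if hunk, hwloc_exec_dhwd($1_t) and hwloc_read_runtime_files($1_t) are added inside userdom_common_user_template, so every user domain instantiated from that template receives them, and the commit message gives no reason why all of them need this access. By the exec/run naming convention, hwloc_exec_dhwd($1_t) lets the caller execute hwloc-dump-hwdata in its own domain, unlike the hwloc_run_dhwd(sysadm_t, sysadm_r) transition granted to sysadm_t in the first hunk. If only specific roles need to run the tool or read its runtime files, move the calls into those roles' policy; otherwise state the use case for the template-wide grant in the commit message.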