From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 2 May 2016 08:33:46 -0400 Subject: [refpolicy] [PATCH] Update refpolicy to handle hwloc In-Reply-To: <1461837848-6472-1-git-send-email-dac.override@gmail.com> References: <1461770515-13153-1-git-send-email-grzegorz.andrejczuk@intel.com> <1461837848-6472-1-git-send-email-dac.override@gmail.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 4/28/2016 6:04 AM, Dominick Grift wrote: > The Portable Hardware Locality (hwloc) software package provides a > portable abstraction (across OS, versions, architectures, ...) of the > hierarchical topology of modern architectures, including NUMA memory > nodes, sockets, shared caches, cores and simultaneous multithreading. It > also gathers various system attributes such as cache and memory > information as well as the locality of I/O devices such as network > interfaces, InfiniBand HCAs or GPUs. > > Following changes enable: > - add interface to change dirs in /var/run > - add optional policies for hwloc-dump-hwdata > > V3: > Remove files_rw_pid_dirs() > Call hwloc_admin(sysadm_t) instead of hwloc_manage_runtime(sysadm_t) > Adjust calls to renamed hwloc dhwd run and exec interfaces Merged. > Signed-off-by: Dominick Grift > --- > policy/modules/roles/sysadm.te | 5 +++++ > policy/modules/system/userdomain.if | 5 +++++ > 2 files changed, 10 insertions(+) > > diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te > index ceaa4cb..5bbb52c 100644 > --- a/policy/modules/roles/sysadm.te > +++ b/policy/modules/roles/sysadm.te > @@ -458,6 +458,11 @@ optional_policy(` > ') > > optional_policy(` > + hwloc_admin(sysadm_t) > + hwloc_run_dhwd(sysadm_t, sysadm_r) > +') > + > +optional_policy(` > howl_admin(sysadm_t, sysadm_r) > ') > > diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if > index cbb6e09..d604147 100644 > --- a/policy/modules/system/userdomain.if 
> +++ b/policy/modules/system/userdomain.if > @@ -619,6 +619,11 @@ template(`userdom_common_user_template',` > ') > > optional_policy(` > + hwloc_exec_dhwd($1_t) > + hwloc_read_runtime_files($1_t) > + ') > + > + optional_policy(` > inetd_use_fds($1_t) > inetd_rw_tcp_sockets($1_t) > ') > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
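Review bot: In the sysadm.te hunk, the new hwloc optional_policy block is inserted above the existing howl_admin(sysadm_t, sysadm_r) block, although "howl" sorts before "hwloc". If the optional_policy blocks in this file are kept in alphabetical order by module, the hwloc block belongs after the howl one. Separately, the description still lists "add interface to change dirs in /var/run", while the V3 notes say files_rw_pid_dirs() was removed and the diffstat touches only sysadm.te and userdomain.if. The description should be trimmed to match what the patch now contains.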
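Review bot: In the userdomain.if hunk, hwloc_exec_dhwd($1_t) and hwloc_read_runtime_files($1_t) are added to userdom_common_user_template with no stated reason, so the grant goes to every user domain built from that template rather than only to sysadm_t, which the first hunk already covers with hwloc_admin and hwloc_run_dhwd. The description mentions only "optional policies for hwloc-dump-hwdata" and does not say why ordinary user domains need to execute it in their own domain. A short comment above the block, or a sentence in the description naming the use case, would make the grant reviewable. If users only need to consume the runtime files, hwloc_read_runtime_files($1_t) alone may be sufficient.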