psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame ksmtuned.if

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   650e205dfb50d13746a12ae6c1e74b76af64e11a
  2.   ksmtuned.if
Blob History Raw
Dominick Grift c30579e 
## <summary>Kernel Samepage Merging Tuning Daemon.</summary>
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Chris PeBenito 9401ae1 
##	Execute a domain transition to run ksmtuned.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
## <summary>
Chris PeBenito 9401ae1 
##	Domain allowed to transition.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`ksmtuned_domtrans',`
Chris PeBenito 9401ae1 
	gen_require(`
Chris PeBenito 9401ae1 
		type ksmtuned_t, ksmtuned_exec_t;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Dominick Grift c30579e 
	corecmd_search_bin($1)
Chris PeBenito 9401ae1 
	domtrans_pattern($1, ksmtuned_exec_t, ksmtuned_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Dominick Grift c30579e 
##	Execute ksmtuned server in
Dominick Grift c30579e 
##	the ksmtuned domain.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Domain allowed to transition.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`ksmtuned_initrc_domtrans',`
Chris PeBenito 9401ae1 
	gen_require(`
Chris PeBenito 9401ae1 
		type ksmtuned_initrc_exec_t;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	init_labeled_script_domtrans($1, ksmtuned_initrc_exec_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
## <summary>
Dominick Grift c30579e 
##	All of the rules required to
Dominick Grift c30579e 
##	administrate an ksmtuned environment.
Chris PeBenito 9401ae1 
## </summary>
Chris PeBenito 9401ae1 
## <param name="domain">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Domain allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
## <param name="role">
Chris PeBenito 9401ae1 
##	<summary>
Chris PeBenito 9401ae1 
##	Role allowed access.
Chris PeBenito 9401ae1 
##	</summary>
Chris PeBenito 9401ae1 
## </param>
Chris PeBenito 9401ae1 
## <rolecap/>
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
interface(`ksmtuned_admin',`
Chris PeBenito 9401ae1 
	gen_require(`
Chris PeBenito 9401ae1 
		type ksmtuned_t, ksmtuned_var_run_t;
Dominick Grift c30579e 
		type ksmtuned_initrc_exec_t, ksmtuned_log_t;
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1
Dominick Grift c30579e 
	ksmtuned_initrc_domtrans($1)
Dominick Grift c30579e 
	domain_system_change_exemption($1)
Dominick Grift c30579e 
	role_transition $2 ksmtuned_initrc_exec_t system_r;
Dominick Grift c30579e 
	allow $2 system_r;
Dominick Grift c30579e
Chris PeBenito 9401ae1 
	allow $1 ksmtuned_t:process { ptrace signal_perms };
Chris PeBenito 9401ae1 
	ps_process_pattern(ksmtumed_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	files_list_pids($1)
Chris PeBenito 9401ae1 
	admin_pattern($1, ksmtuned_var_run_t)
Chris PeBenito 9401ae1
Dominick Grift c30579e 
	logging_search_logs($1)
Dominick Grift c30579e 
	admin_pattern($1, ksmtuned_log_t)
Chris PeBenito 9401ae1 
')
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.