From: "Jason Zaman" <perfinion@gentoo.org> To: gentoo-commits@lists.gentoo.org Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/ Date: Thu, 17 Dec 2015 16:10:39 +0000 (UTC) [thread overview] Message-ID: <1450365922.5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b.perfinion@gentoo> (raw) commit: 5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> AuthorDate: Fri Dec 11 13:03:36 2015 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Thu Dec 17 15:25:22 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5eb6ba4f Add interfaces to read/write /proc/sys/vm/overcommit_memory policy/modules/kernel/kernel.if | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index df42fa3..5f2f78e 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -3341,3 +3341,43 @@ interface(`kernel_unconfined',` typeattribute $1 kern_unconfined; kernel_load_module($1) ') + +######################################## +## <summary> +## Read virtual memory overcommit sysctl. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`kernel_read_vm_overcommit_sysctl',` + gen_require(` + type sysctl_vm_overcommit_t; + ') + + kernel_search_vm_sysctl($1) + allow $1 sysctl_vm_overcommit_t:file read_file_perms; +') + +######################################## +## <summary> +## Read and write virtual memory overcommit sysctl. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`kernel_rw_vm_overcommit_sysctl',` + gen_require(` + type sysctl_vm_overcommit_t; + ') + + kernel_search_vm_sysctl($1) + allow $1 sysctl_vm_overcommit_t:file rw_file_perms; +')
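Review bot: Both new interfaces `gen_require` the type `sysctl_vm_overcommit_t`, but the diffstat shows only policy/modules/kernel/kernel.if changed, so nothing in this patch shows where that type is declared or how /proc/sys/vm/overcommit_memory comes to be labeled with it. Please confirm that the type declaration and the genfscon entry already exist in the kernel module (or arrive in a companion commit) and say so in the commit message; otherwise callers of `kernel_read_vm_overcommit_sysctl` and `kernel_rw_vm_overcommit_sysctl` depend on a type this change does not define.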
WARNING: multiple messages have this Message-ID (diff)
From: "Jason Zaman" <perfinion@gentoo.org> To: gentoo-commits@lists.gentoo.org Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/ Date: Thu, 17 Dec 2015 18:49:41 +0000 (UTC) [thread overview] Message-ID: <1450365922.5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b.perfinion@gentoo> (raw) Message-ID: <20151217184941.oSaaciy9vDNA9yFNKuxLNsqmUJjvtLcApVeetgjv7gI@z> (raw) commit: 5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> AuthorDate: Fri Dec 11 13:03:36 2015 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Thu Dec 17 15:25:22 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5eb6ba4f Add interfaces to read/write /proc/sys/vm/overcommit_memory policy/modules/kernel/kernel.if | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index df42fa3..5f2f78e 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if 
@@ -3341,3 +3341,43 @@ interface(`kernel_unconfined',` typeattribute $1 kern_unconfined; kernel_load_module($1) ') + +######################################## +## <summary> +## Read virtual memory overcommit sysctl. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`kernel_read_vm_overcommit_sysctl',` + gen_require(` + type sysctl_vm_overcommit_t; + ') + + kernel_search_vm_sysctl($1) + allow $1 sysctl_vm_overcommit_t:file read_file_perms; +') + +######################################## +## <summary> +## Read and write virtual memory overcommit sysctl. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`kernel_rw_vm_overcommit_sysctl',` + gen_require(` + type sysctl_vm_overcommit_t; + ') + + kernel_search_vm_sysctl($1) + allow $1 sysctl_vm_overcommit_t:file rw_file_perms; +')
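Review bot: In `kernel_rw_vm_overcommit_sysctl` the rule `allow $1 sysctl_vm_overcommit_t:file rw_file_perms;` gives the calling domain write access to a system-wide kernel memory setting, yet its summary differs from the read-only variant by only two words and neither summary names the file. Consider naming /proc/sys/vm/overcommit_memory in both `<summary>` blocks, as the commit subject does, so a policy author choosing between the two can see what the write variant exposes, and confirm that `<rolecap/>` is intended on the write interface as well as the read one.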