From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1450365922.5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/kernel.if
X-VCS-Directories: policy/modules/kernel/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b
X-VCS-Branch: master
Date: Thu, 17 Dec 2015 16:10:39 +0000 (UTC)

commit:     5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b
Author:     Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Fri Dec 11 13:03:36 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Dec 17 15:25:22 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5eb6ba4f

Add interfaces to read/write /proc/sys/vm/overcommit_memory

 policy/modules/kernel/kernel.if | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index df42fa3..5f2f78e 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -3341,3 +3341,43 @@ interface(`kernel_unconfined',`
 	typeattribute $1 kern_unconfined;
 	kernel_load_module($1)
 ')
+
+########################################
+## <summary>
+##	Read virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_read_vm_overcommit_sysctl',`
+	gen_require(`
+		type sysctl_vm_overcommit_t;
+	')
+
+	kernel_search_vm_sysctl($1)
+	allow $1 sysctl_vm_overcommit_t:file read_file_perms;
+')
+
+########################################
+## <summary>
+##	Read and write virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_rw_vm_overcommit_sysctl',`
+	gen_require(`
+		type sysctl_vm_overcommit_t;
+	')
+
+	kernel_search_vm_sysctl($1)
+	allow $1 sysctl_vm_overcommit_t:file rw_file_perms;
+')
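
Review bot: `kernel_rw_vm_overcommit_sysctl` carries `<rolecap/>` exactly like the read-only interface, yet write access to the overcommit sysctl changes memory-allocation behaviour for the whole system, so the tag should be a deliberate choice rather than a copied header. If role-level use is not intended, drop `<rolecap/>` from the rw interface. Either way, a sentence in the rw `<summary>` pointing callers that only need to inspect the value to `kernel_read_vm_overcommit_sysctl` would help keep grants minimal.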


From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1450365922.5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/kernel.if
X-VCS-Directories: policy/modules/kernel/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b
X-VCS-Branch: next
Date: Thu, 17 Dec 2015 18:49:41 +0000 (UTC)
Message-ID: <20151217184941.oSaaciy9vDNA9yFNKuxLNsqmUJjvtLcApVeetgjv7gI@z>

commit:     5eb6ba4f89dbcd6b1c5c4e394164aa989c1d140b
Author:     Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Fri Dec 11 13:03:36 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Dec 17 15:25:22 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5eb6ba4f

Add interfaces to read/write /proc/sys/vm/overcommit_memory

 policy/modules/kernel/kernel.if | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index df42fa3..5f2f78e 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -3341,3 +3341,43 @@ interface(`kernel_unconfined',`
 	typeattribute $1 kern_unconfined;
 	kernel_load_module($1)
 ')
+
+########################################
+## <summary>
+##	Read virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_read_vm_overcommit_sysctl',`
+	gen_require(`
+		type sysctl_vm_overcommit_t;
+	')
+
+	kernel_search_vm_sysctl($1)
+	allow $1 sysctl_vm_overcommit_t:file read_file_perms;
+')
+
+########################################
+## <summary>
+##	Read and write virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_rw_vm_overcommit_sysctl',`
+	gen_require(`
+		type sysctl_vm_overcommit_t;
+	')
+
+	kernel_search_vm_sysctl($1)
+	allow $1 sysctl_vm_overcommit_t:file rw_file_perms;
+')
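
Review bot: both interfaces pull in `sysctl_vm_overcommit_t` through `gen_require`, but the diffstat shows only kernel.if changing, so nothing in this patch shows where the type is declared or how it is attached to /proc/sys/vm/overcommit_memory. Please confirm that the type declaration and its labeling rule already exist in the kernel module, or add them in the same series. The `<summary>` text also says only "virtual memory overcommit sysctl" while the commit message names the file; naming the path in the summary would make the generated interface documentation unambiguous.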