From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1463116053.8f8722e0e188680bf9d1bc518e515685cd424667.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/, policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/roles/sysadm.te policy/modules/system/userdomain.if
X-VCS-Directories: policy/modules/system/ policy/modules/roles/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 8f8722e0e188680bf9d1bc518e515685cd424667
X-VCS-Branch: master
Date: Fri, 13 May 2016 05:37:22 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: a8c8e009-8582-41c0-a541-183f3eca1452
X-Archives-Hash: 4461d8dad52da5dac0e358eaa62a4c58

commit:     8f8722e0e188680bf9d1bc518e515685cd424667
Author:     Dominick Grift gmail com>
AuthorDate: Thu Apr 28 10:06:40 2016 +0000
Commit:     Jason Zaman gentoo org>
CommitDate: Fri May 13 05:07:33 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8f8722e0

Update refpolicy to handle hwloc

The Portable Hardware Locality (hwloc) software package provides a
portable abstraction (across OS, versions, architectures, ...) of the
hierarchical topology of modern architectures, including NUMA memory
nodes, sockets, shared caches, cores and simultaneous multithreading. It
also gathers various system attributes such as cache and memory
information as well as the locality of I/O devices such as network
interfaces, InfiniBand HCAs or GPUs.

Following changes enable:

- add interface to change dirs in /var/run
- add optional policies for hwloc-dump-hwdata

V3:
Remove files_rw_pid_dirs()
Call hwloc_admin(sysadm_t) instead of hwloc_manage_runtime(sysadm_t)
Adjust calls to renamed hwloc dhwd run and exec interfaces

Signed-off-by: Dominick Grift gmail.com>

 policy/modules/roles/sysadm.te      | 5 +++++
 policy/modules/system/userdomain.if | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index 6c46905..e9e3e43 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -458,6 +458,11 @@ optional_policy(` ') optional_policy(` + hwloc_admin(sysadm_t) + hwloc_run_dhwd(sysadm_t, sysadm_r) +') + +optional_policy(` howl_admin(sysadm_t, sysadm_r) ') diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index e341a1c..9284808 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -645,6 +645,11 @@ template(`userdom_common_user_template',` ') optional_policy(` + hwloc_exec_dhwd($1_t) + hwloc_read_runtime_files($1_t) + ') + + optional_policy(` inetd_use_fds($1_t) inetd_rw_tcp_sockets($1_t) ')
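
Review bot: In the policy/modules/roles/sysadm.te hunk (@@ -458,6 +458,11 @@), the new hwloc optional_policy block is inserted ahead of the existing howl_admin(sysadm_t, sysadm_r) block, but "howl" sorts before "hwloc". The userdomain.if hunk in the same patch places hwloc before inetd, which is alphabetical, so if the optional blocks in sysadm.te are kept in module order the hwloc block should move below the howl one. It would also help to add a short comment on why sysadm_t needs hwloc_run_dhwd(sysadm_t, sysadm_r) in addition to hwloc_admin(sysadm_t), since the commit message only records that hwloc_admin replaced hwloc_manage_runtime.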
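
Review bot: In the policy/modules/system/userdomain.if hunk (@@ -645,6 +645,11 @@), hwloc_exec_dhwd($1_t) and hwloc_read_runtime_files($1_t) are added inside userdom_common_user_template, so every domain instantiated from that template gains them, and neither the hunk nor the commit message states why all such user domains need to execute hwloc-dump-hwdata. By refpolicy naming convention an _exec interface runs the program in the caller's domain without a transition, unlike the _run interface given to sysadm_t in the other hunk, so the least-privilege question is whether hwloc_read_runtime_files($1_t) alone would cover the user-side use case. Suggest documenting the reason for the exec grant in a comment above the block, or dropping hwloc_exec_dhwd($1_t) here if users only need to read the dumped data.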