Add interfaces to read/write /proc/sys/vm/overcommit_memory
bigon authored and pebenito committed Dec 14, 2015
1 parent 6b1b2e3 commit 4340b9f
Showing 1 changed file with 40 additions and 0 deletions.
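--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -3323,3 +3323,43 @@ interface(`kernel_unconfined',`
 typeattribute $1 kern_unconfined;
 kernel_load_module($1)
 ')
+
+########################################
+## <summary>
+## Read virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_read_vm_overcommit_sysctl',`
+gen_require(`
+type sysctl_vm_overcommit_t;
+')
+
+kernel_search_vm_sysctl($1)
+allow $1 sysctl_vm_overcommit_t:file read_file_perms;
+')
+
+########################################
+## <summary>
+## Read and write virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_rw_vm_overcommit_sysctl',`
+gen_require(`
+type sysctl_vm_overcommit_t;
+')
+
+kernel_search_vm_sysctl($1)
+allow $1 sysctl_vm_overcommit_t:file rw_file_perms;
+')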
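Review bot: The summary on `kernel_rw_vm_overcommit_sysctl` does not tell a policy writer that the write half of `rw_file_perms` is a host-wide control. Going by the commit title, the type covers /proc/sys/vm/overcommit_memory, so a domain granted this interface can change overcommit behaviour for every process on the system. I would add a description under the summary, for example `## <desc><p>Writing this sysctl changes memory overcommit behaviour system-wide; callers that only inspect the value should use kernel_read_vm_overcommit_sysctl().</p></desc>`. Both interfaces require `sysctl_vm_overcommit_t`, whose declaration and labeling are outside this one-file commit. It is worth confirming that the label is applied only to that one sysctl file, so these interfaces do not grant more than their names suggest.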
