[ovs-dev] [PATCH] selinux: changes to support newer hugetlbfs restrictions
aconole at redhat.com
Fri Jul 27 18:06:59 UTC 2018
Aaron Conole <aconole at redhat.com> writes:
> Newer selinux base policies now split out 'map' actions, as well as
> adding more explicit checks for hugetlbfs objects. Where previously these
> weren't required, recent changes have flagged the allocation of hugepages
> and subsequent clearing. This means that the hugepage storage information
> for the DPDK .rte_config, and clearing actions copying from /dev/zero will
> trigger selinux denials.
> This commit allows openvswitch to have more permissions for the hugetlbfs
> allocation and use.
> Signed-off-by: Aaron Conole <aconole at redhat.com>
More information about the dev