[ovs-dev] [PATCH] selinux: changes to support newer hugetlbfs restrictions

Aaron Conole aconole at redhat.com
Fri Jul 27 18:06:59 UTC 2018


Aaron Conole <aconole at redhat.com> writes:

> Newer selinux base policies now split out 'map' actions, as well as
> adding more explicit checks for hugetlbfs objects.  Where previously these
> weren't required, recent changes have flagged the allocation of hugepages
> and subsequent clearing.  This means that the hugepage storage information
> for the DPDK .rte_config, and clearing actions copying from /dev/zero will
> trigger selinux denials.
>
> This commit allows openvswitch to have more permissions for the hugetlbfs
> allocation and use.
>
> Signed-off-by: Aaron Conole <aconole at redhat.com>
> ---

Ping?


More information about the dev mailing list