[ovs-dev] [PATCH] selinux: changes to support newer hugetlbfs restrictions

Aaron Conole aconole at redhat.com
Fri Jul 27 18:06:59 UTC 2018

Aaron Conole <aconole at redhat.com> writes:

> Newer selinux base policies now split out 'map' actions, as well as
> adding more explicit checks for hugetlbfs objects.  Where previously these
> weren't required, recent changes have flagged the allocation of hugepages
> and subsequent clearing.  This means that the hugepage storage information
> for the DPDK .rte_config, and clearing actions copying from /dev/zero will
> trigger selinux denials.
> This commit allows openvswitch to have more permissions for the hugetlbfs
> allocation and use.
> Signed-off-by: Aaron Conole <aconole at redhat.com>
> ---


More information about the dev mailing list