[refpolicy] [ tuned patch 1/1] Fixes for tuned domain.

Dominick Grift domg472 at gmail.com
Mon Oct 26 09:19:42 CDT 2009


tuned.te: Style fixes.
tuned.if: Add description.
tuned.if: Remove obsolete tuned_initrc_exec_t type requirement.

Signed-off-by: Dominick Grift <domg472 at gmail.com>
---
:100644 100644 25b2435... 271a341... M	policy/modules/services/tuned.if
:100644 100644 b54ead0... d4f5702... M	policy/modules/services/tuned.te
 policy/modules/services/tuned.if |   10 +++++++++-
 policy/modules/services/tuned.te |    4 ++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/policy/modules/services/tuned.if b/policy/modules/services/tuned.if
index 25b2435..271a341 100644
--- a/policy/modules/services/tuned.if
+++ b/policy/modules/services/tuned.if
@@ -1,4 +1,13 @@
 ## <summary>Dynamic adaptive system tuning daemon</summary>
+## <desc>
+##      <p>
+##	The tuned package contains a daemon that tunes system settings dynamically.
+##	It does so by monitoring the usage of several system components periodically.
+##	Based on that information components will then be put into lower or higher
+##	power saving modes to adapt to the current usage. Currently only ethernet
+##	network and ATA harddisk devices are implemented.
+##      </p>
+## </desc>
 
 ########################################
 ## <summary>
@@ -113,7 +122,6 @@ interface(`tuned_initrc_domtrans',`
 interface(`tuned_admin',`
 	gen_require(`
 		type tuned_t, tuned_var_run_t;
-		type tuned_initrc_exec_t;
 	')
 
 	allow $1 tuned_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/tuned.te b/policy/modules/services/tuned.te
index b54ead0..d4f5702 100644
--- a/policy/modules/services/tuned.te
+++ b/policy/modules/services/tuned.te
@@ -28,16 +28,16 @@ files_pid_filetrans(tuned_t, tuned_var_run_t, file)
 
 corecmd_exec_shell(tuned_t)
 
-kernel_read_system_state(tuned_t)
 kernel_read_network_state(tuned_t)
+kernel_read_system_state(tuned_t)
 
 dev_read_sysfs(tuned_t)
 # to allow cpu tuning
 dev_rw_netcontrol(tuned_t)
 
+files_dontaudit_search_home(tuned_t)
 files_read_etc_files(tuned_t)
 files_read_usr_files(tuned_t)
-files_dontaudit_search_home(tuned_t)
 
 miscfiles_read_localization(tuned_t)
 
-- 
1.6.5.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20091026/c9d903f1/attachment.bin 


More information about the refpolicy mailing list