From mboxrd@z Thu Jan  1 00:00:00 1970
From: mgrepl@redhat.com (Miroslav Grepl)
Date: Fri, 03 Apr 2015 15:47:52 +0200
Subject: [refpolicy] How to handle glibc-triggered behavior?
In-Reply-To: <54B3D43A.5060203@tresys.com>
References: <20141221121526.GA5564@siphos.be> <54B3D43A.5060203@tresys.com>
Message-ID: <551E9A08.8080008@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/12/2015 03:03 PM, Christopher J. PeBenito wrote:
> t seem to be very concerning

We have

# /proc/sys/vm/overcommit_memory
type sysctl_vm_overcommit_t, sysctl_type;
genfscon proc /sys/vm/overcommit_memory
gen_context(system_u:object_r:sysctl_vm_overcommit_t,s0)

and

kernel_read_vm_overcommit_sysctls(domain)

for this case in Fedora.

-- 
Miroslav Grepl
Software Engineering, SELinux Solutions
Red Hat, Inc.