## Dump topology and locality information from hardware tables.
########################################
##
## Execute hwloc dhwd in the hwloc dhwd domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`hwloc_domtrans_dhwd',`
gen_require(`
type hwloc_dhwd_t, hwloc_dhwd_exec_t;
')
domtrans_pattern($1, hwloc_dhwd_exec_t, hwloc_dhwd_t)
')
########################################
##
## Execute hwloc dhwd in the hwloc dhwd domain, and
## allow the specified role the hwloc dhwd domain,
##
##
##
## Domain allowed to transition.
##
##
##
##
## Role allowed access.
##
##
##
#
interface(`hwloc_run_dhwd',`
gen_require(`
attribute_role hwloc_dhwd_roles;
')
hwloc_domtrans_dhwd($1)
roleattribute $2 hwloc_dhwd_roles;
')
########################################
##
## Execute hwloc dhwd in the caller domain.
##
##
##
## Domain allowed access.
##
##
#
interface(`hwloc_exec_dhwd',`
gen_require(`
type hwloc_dhwd_exec_t;
')
can_exec($1, hwloc_dhwd_exec_t)
')
########################################
##
## Read hwloc runtime files.
##
##
##
## Domain allowed access.
##
##
#
interface(`hwloc_read_runtime_files',`
gen_require(`
type hwloc_var_run_t;
')
files_search_pids($1)
read_files_pattern($1, hwloc_var_run_t, hwloc_var_run_t)
')
########################################
##
## All of the rules required to
## administrate an hwloc environment.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`hwloc_admin',`
gen_require(`
type hwloc_dhwd_t, hwloc_var_run_t;
')
allow $1 hwloc_dhwd_t:process { signal_perms };
ps_process_pattern($1, hwloc_dhwd_t)
tunable_policy(`deny_ptrace',`',`
allow $1 hwloc_dhwd_t:process ptrace;
')
admin_pattern($1, hwloc_var_run_t)
files_pid_filetrans($1, hwloc_var_run_t, dir, "hwloc")
')