• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1type rss_hwm_reset_exec, system_file_type, exec_type, file_type;
2
3# Start rss_hwm_reset from init.
4init_daemon_domain(rss_hwm_reset)
5
6# Search /proc/pid directories.
7allow rss_hwm_reset domain:dir search;
8
9# Write to /proc/pid/clear_refs of other processes.
10# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c
11allow rss_hwm_reset self:global_capability_class_set { dac_override };
12
13# Write to /prc/pid/clear_refs.
14allow rss_hwm_reset domain:file w_file_perms;
15