RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow systemd_modules_load_t to module_request and map modules_object_t files 

[   10.685610] audit: type=1400 audit(1563706740.429:3): avc:  denied  { map } for  pid=394 comm="systemd-modules" path="/usr/lib/modules/4.19.0-5-amd64/kernel/drivers/parport/parport.ko" dev="dm-0" ino=795927 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file permissive=1
[   10.695021] audit: type=1400 audit(1563706740.437:5): avc:  denied  { module_request } for  pid=394 comm="systemd-modules" kmod="parport_lowlevel" scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
This commit is contained in:
Laurent Bigonville 2019-07-21 14:44:08 +02:00
parent 367fee0c01
commit 6b12bd3aca
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/systemd.te
View File

@ -624,11 +624,13 @@ optional_policy(`
# #
kernel_load_module(systemd_modules_load_t) kernel_load_module(systemd_modules_load_t)
kernel_request_load_module(systemd_modules_load_t)
files_read_etc_files(systemd_modules_load_t) files_read_etc_files(systemd_modules_load_t)
modutils_read_module_config(systemd_modules_load_t) modutils_read_module_config(systemd_modules_load_t)
modutils_read_module_deps(systemd_modules_load_t) modutils_read_module_deps(systemd_modules_load_t)
modutils_read_module_objects(systemd_modules_load_t)
systemd_log_parse_environment(systemd_modules_load_t) systemd_log_parse_environment(systemd_modules_load_t)