Ifconfig should be able to read firmware files in /lib (i.e. some network

cards need to load their firmware) and it should not audit attempts
to load kernel modules directly.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Chris PeBenito 2016-08-14 14:52:07 -04:00
parent 5481c1cc84
commit 6caa443d18
1 changed files with 1 additions and 0 deletions


@ -265,6 +265,7 @@ optional_policy(`
# #
allow ifconfig_t self:capability { net_raw net_admin sys_admin sys_tty_config }; allow ifconfig_t self:capability { net_raw net_admin sys_admin sys_tty_config };
dontaudit ifconfig_t self:capability sys_module;
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack }; allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
allow ifconfig_t self:fd use; allow ifconfig_t self:fd use;
allow ifconfig_t self:fifo_file rw_fifo_file_perms; allow ifconfig_t self:fifo_file rw_fifo_file_perms;
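Review bot: The added `dontaudit ifconfig_t self:capability sys_module;` hides every sys_module denial for ifconfig_t from the audit log, and nothing in the hunk records why that is acceptable. The capability is still denied, but a misbehaving or compromised process in this domain that tries to load a module would no longer leave an AVC record, so I would put a comment above the rule, e.g. `# still denied, just not logged; rebuild with "semodule -DB" to see these denials when debugging`. The commit message also says ifconfig should be able to read firmware files in /lib, yet the single addition in this section grants no file access; presumably that rule already exists elsewhere in the policy, which is worth confirming. The ifconfig local policy block starts and ends outside the hunk.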