RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

modutils: allow kmod_t to write keys 

Fixes:
$ modprobe cfg80211
kernel: cfg80211: Loading compiled-in X.509 certificates for regulatory database
kernel: cfg80211: Problem loading in-kernel X.509 certificate (-13)
kernel: cfg80211: loaded regulatory.db is malformed or signature is missing/invalid

avc:  denied  { write } for  pid=219 comm="modprobe"
scontext=system_u:system_r:kmod_t tcontext=system_u:system_r:kmod_t
tclass=key permissive=0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
Yi Zhao 2021-02-09 17:31:55 +08:00
parent 23a8d103f3
commit b7258b3d6d
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/system/modutils.te
View File

@ -40,6 +40,7 @@ dontaudit kmod_t self:capability sys_admin;
allow kmod_t self:udp_socket create_socket_perms;
allow kmod_t self:rawip_socket create_socket_perms;
allow kmod_t self:key write;
# Read module config and dependency information
list_dirs_pattern(kmod_t, modules_conf_t, modules_conf_t)