selinux-refpolicy/policy/modules/kernel
Dave Sugar ca5f1a5662 Allow systemd-modules-load to search kernel keys
I was seeing the following errors from systemd-modules-load without this search permission.

Dec  7 14:36:19 systemd-modules-load: Failed to insert 'nf_conntrack_ftp': Required key not available
Dec  7 14:36:19 kernel: Request for unknown module key 'Red Hat Enterprise Linux kernel signing key: 3ffb026dadef6e0bc404752a7e7c29095a68eab7' err -13
Dec  7 14:36:19 systemd: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE
Dec  7 14:36:19 audispd: node=loacalhost type=PROCTITLE msg=audit(1607351779.441:3259): proctitle="/usr/lib/systemd/systemd-modules-load"
Dec  7 14:36:19 systemd: Failed to start Load Kernel Modules.

This is the denial:

Dec  7 15:56:52 audispd: node=localhost type=AVC msg=audit(1607356612.877:3815): avc:  denied { search } for  pid=11715 comm="systemd-modules" scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key permissive=1

Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-12-08 10:51:44 -05:00
corecommands.fc corecommands: add entry for Busybox shell 2020-09-21 16:25:09 +02:00
corecommands.if Fix several misspellings 2020-08-13 14:08:58 +02:00
corecommands.te corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module version bump. 2020-09-22 08:27:05 -04:00
corenetwork.fc Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
corenetwork.if.in Fix several misspellings 2020-08-13 14:08:58 +02:00
corenetwork.if.m4 Allow systemd-networkd to handle ICMP and DHCP packets 2020-04-22 15:46:56 +03:00
corenetwork.te.in Bump module versions for release. 2020-08-18 09:09:10 -04:00
corenetwork.te.m4 work on SELint issues 2020-08-13 21:23:43 +02:00
devices.fc Fix several misspellings 2020-08-13 14:08:58 +02:00
devices.if Add selinux-policy for systemd-pstore service 2020-10-09 03:20:09 +00:00
devices.te devices, filesystem, systemd, ntp: Module version bump. 2020-10-09 09:45:11 -04:00
domain.fc
domain.if Merge pull request #296 from cgzones/diff-check 2020-08-13 09:19:48 -04:00
domain.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
files.fc files/modutils: unify modules_object_t usage into files module 2020-08-13 21:23:43 +02:00
files.if selint: fix S-010 2020-08-28 17:39:09 +02:00
files.te various: Module version bump. 2020-08-28 15:30:52 -04:00
filesystem.fc filesystem: pathcon for matching tracefs mount 2020-05-27 11:51:36 +02:00
filesystem.if xen: Allow xenstored to map /proc/xen/xsd_kva 2020-11-05 06:55:17 -05:00
filesystem.te filesystem, xen: Module version bump. 2020-11-05 06:55:25 -05:00
kernel.fc
kernel.if selint: fix S-010 2020-08-28 17:39:09 +02:00
kernel.te Allow systemd-modules-load to search kernel keys 2020-12-08 10:51:44 -05:00
mcs.fc
mcs.if
mcs.te
metadata.xml
mls.fc
mls.if Fix several misspellings 2020-08-13 14:08:58 +02:00
mls.te Bump module versions for release. 2019-02-01 15:03:42 -05:00
selinux.fc
selinux.if selinux: add selinux_use_status_page and deprecate selinux_map_security_files 2020-09-09 21:00:47 +02:00
selinux.te selinux, init, systemd, rpm: Module version bump. 2020-09-09 16:55:06 -04:00
storage.fc devices, storage: Add fc entries for mtd char devices and ndctl devices. 2019-07-16 16:38:43 -04:00
storage.if Fix several misspellings 2020-08-13 14:08:58 +02:00
storage.te various: Module version bump. 2020-08-28 15:30:52 -04:00
terminal.fc Remove old exception 2020-02-23 17:52:54 +01:00
terminal.if selint: fix S-010 2020-08-28 17:39:09 +02:00
terminal.te various: Module version bump. 2020-08-28 15:30:52 -04:00
ubac.fc
ubac.if
ubac.te whitespace cleanup 2020-08-13 14:34:57 +02:00