selinux-refpolicy/policy/modules
Dave Sugar ca5f1a5662 Allow systemd-modules-load to search kernel keys
I was seeing the following errors from systemd-modules-load without this search permission.

Dec  7 14:36:19 systemd-modules-load: Failed to insert 'nf_conntrack_ftp': Required key not available
Dec  7 14:36:19 kernel: Request for unknown module key 'Red Hat Enterprise Linux kernel signing key: 3ffb026dadef6e0bc404752a7e7c29095a68eab7' err -13
Dec  7 14:36:19 systemd: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE
Dec  7 14:36:19 audispd: node=loacalhost type=PROCTITLE msg=audit(1607351779.441:3259): proctitle="/usr/lib/systemd/systemd-modules-load"
Dec  7 14:36:19 systemd: Failed to start Load Kernel Modules.

This is the denial:

Dec  7 15:56:52 audispd: node=localhost type=AVC msg=audit(1607356612.877:3815): avc:  denied { search } for  pid=11715 comm="systemd-modules" scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key permissive=1

Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-12-08 10:51:44 -05:00
admin various: Module version bump. 2020-11-22 14:03:11 -05:00
apps various: Module version bump. 2020-08-28 15:30:52 -04:00
kernel Allow systemd-modules-load to search kernel keys 2020-12-08 10:51:44 -05:00
roles Bump module versions for release. 2020-08-18 09:09:10 -04:00
services various: Module version bump. 2020-11-22 14:03:11 -05:00
system Allow systemd-modules-load to search kernel keys 2020-12-08 10:51:44 -05:00