selinux-refpolicy/policy/modules/system
Dave Sugar ca5f1a5662 Allow systemd-modules-load to search kernel keys
I was seeing the following errors from systemd-modules-load without this search permission.

Dec  7 14:36:19 systemd-modules-load: Failed to insert 'nf_conntrack_ftp': Required key not available
Dec  7 14:36:19 kernel: Request for unknown module key 'Red Hat Enterprise Linux kernel signing key: 3ffb026dadef6e0bc404752a7e7c29095a68eab7' err -13
Dec  7 14:36:19 systemd: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE
Dec  7 14:36:19 audispd: node=loacalhost type=PROCTITLE msg=audit(1607351779.441:3259): proctitle="/usr/lib/systemd/systemd-modules-load"
Dec  7 14:36:19 systemd: Failed to start Load Kernel Modules.

This is the denial:

Dec  7 15:56:52 audispd: node=localhost type=AVC msg=audit(1607356612.877:3815): avc:  denied { search } for  pid=11715 comm="systemd-modules" scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key permissive=1

Signed-off-by: Dave Sugar <dsugar@tresys.com>
2020-12-08 10:51:44 -05:00
application.fc
application.if Fix several misspellings 2020-08-13 14:08:58 +02:00
application.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
authlogin.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
authlogin.if selint: fix S-010 2020-08-28 17:39:09 +02:00
authlogin.te various: Module version bump. 2020-08-28 15:30:52 -04:00
clock.fc
clock.if
clock.te
daemontools.fc
daemontools.if
daemontools.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
fstools.fc fstools: add zfs-auto-snapshot 2020-02-17 13:25:59 -05:00
fstools.if
fstools.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
getty.fc
getty.if
getty.te various: Module version bump. 2020-11-22 14:03:11 -05:00
hostname.fc
hostname.if
hostname.te
hotplug.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
hotplug.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
hotplug.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
init.fc init: upstream fcontexts from gentoo policy 2020-11-22 14:00:34 -05:00
init.if systemd: Rename systemd_connectto_socket_proxyd_unix_sockets() to systemd_stream_connect_socket_proxyd(). 2020-12-04 13:31:22 -05:00
init.te init, systemd: Module version bump. 2020-12-04 13:32:57 -05:00
ipsec.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
ipsec.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
ipsec.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
iptables.fc
iptables.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
iptables.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
iscsi.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
iscsi.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
iscsi.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
libraries.fc chromium/libraries: move lib_t filecontext to defining module 2020-05-12 20:09:44 +02:00
libraries.if
libraries.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
locallogin.fc
locallogin.if
locallogin.te corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module version bump. 2020-09-22 08:27:05 -04:00
logging.fc files/logging: move var_run_t filecontext to defining module 2020-05-12 20:09:44 +02:00
logging.if selint: fix S-010 2020-08-28 17:39:09 +02:00
logging.te corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module version bump. 2020-09-22 08:27:05 -04:00
lvm.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
lvm.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
lvm.te lvm: Module version bump. 2020-11-09 11:45:32 -05:00
metadata.xml
miscfiles.fc files/miscfiles: move usr_t filecontext to defining module 2020-05-12 20:09:44 +02:00
miscfiles.if userdomain: Add watch on home dirs 2020-11-22 14:00:34 -05:00
miscfiles.te various: Module version bump. 2020-11-22 14:03:11 -05:00
modutils.fc files/modutils: unify modules_object_t usage into files module 2020-08-13 21:23:43 +02:00
modutils.if files/modutils: unify modules_object_t usage into files module 2020-08-13 21:23:43 +02:00
modutils.te Allow systemd-modules-load to search kernel keys 2020-12-08 10:51:44 -05:00
mount.fc mount: label fusermount3 like fusermount 2020-01-26 18:47:33 +01:00
mount.if whitespace cleanup 2020-08-13 14:34:57 +02:00
mount.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
netlabel.fc
netlabel.if
netlabel.te
pcmcia.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
pcmcia.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
pcmcia.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
raid.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
raid.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
raid.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
selinuxutil.fc
selinuxutil.if Fix mismatches between object class and permission macro. 2020-04-20 15:46:33 -04:00
selinuxutil.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
setrans.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
setrans.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
setrans.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
sysnetwork.fc whitespace cleanup 2020-08-13 14:34:57 +02:00
sysnetwork.if sysnetwork: allow to read network configuration files 2020-09-18 14:34:34 +02:00
sysnetwork.te corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module version bump. 2020-09-22 08:27:05 -04:00
systemd.fc added policy for systemd-socket-proxyd 2020-12-02 17:38:00 +11:00
systemd.if systemd: Rename systemd_connectto_socket_proxyd_unix_sockets() to systemd_stream_connect_socket_proxyd(). 2020-12-04 13:31:22 -05:00
systemd.te init, systemd: Module version bump. 2020-12-04 13:32:57 -05:00
udev.fc udev: remove console-setup 2020-02-04 19:26:43 +01:00
udev.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
udev.te corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module version bump. 2020-09-22 08:27:05 -04:00
unconfined.fc Remove the ada module, it is unecessary and not touched since ~2008 2020-06-15 14:47:14 +02:00
unconfined.if unconfined: clarify unconfined_t stub usage in unconfined_domain_noaudit() 2020-05-11 21:42:50 +02:00
unconfined.te Bump module versions for release. 2020-08-18 09:09:10 -04:00
userdomain.fc
userdomain.if userdomain: Add watch on home dirs 2020-11-22 14:00:34 -05:00
userdomain.te various: Module version bump. 2020-11-22 14:03:11 -05:00
xdg.fc
xdg.if userdomain: Add watch on home dirs 2020-11-22 14:00:34 -05:00
xdg.te various: Module version bump. 2020-11-22 14:03:11 -05:00
xen.fc Rename *_var_run_t types to *_runtime_t. 2019-09-30 20:02:43 -04:00
xen.if Update callers for "pid" to "runtime" interface rename. 2020-06-28 16:03:45 -04:00
xen.te filesystem, xen: Module version bump. 2020-11-05 06:55:25 -05:00