From 5b02b44e51996d61e1aa03921785d767d6d0e0d8 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 29 Feb 2024 10:14:01 -0500
Subject: [PATCH] xen: Revoke kernel module loading permissions.

This domain also calls kernel_request_load_module(), which should be sufficient.

Signed-off-by: Chris PeBenito
---
 policy/modules/system/xen.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
index 5311f3a34..d633dfef7 100644
--- a/policy/modules/system/xen.te
+++ b/policy/modules/system/xen.te
@@ -500,7 +500,6 @@ xen_stream_connect_xenstore(xm_t)
 can_exec(xm_t, xm_exec_t)
-kernel_load_module(xm_t)
 kernel_request_load_module(xm_t)
 kernel_read_system_state(xm_t)
 kernel_read_network_state(xm_t)