nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4d8e9ffcb3
selinux-refpolicy/policy
History
Harry Ciao 4d8e9ffcb3 Make mount_t able to request loading kernel module. 
Make the mount domain able to request kernel to load a kernel module.
Otherwise the binfmt_misc kernel module won't be properly loaded
during system booting up.

type=1400 audit(1292850971.104:4): avc:  denied  { module_request } for  pid=87 comm="mount" kmod="devtmpfs" scontext=system_u:system_r:mount_t:s0-s15:c0.c1023 tcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=system

type=1400 audit(1292851024.844:13): avc:  denied  { module_request } for  pid=409 comm="mount" kmod="binfmt_misc" scontext=system_u:system_r:mount_t:s0-s15:c0.c1023 tcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=system

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2011-01-10 10:20:21 -05:00
..
flask Add module_request permission, from Dan Walsh. 2009-11-19 08:52:06 -05:00
modules Make mount_t able to request loading kernel module. 2011-01-10 10:20:21 -05:00
support Add tun_socket ubac constraint and add tun_socket to socket_class_set. 2010-11-11 09:48:43 -05:00
constraints Add tun_socket ubac constraint and add tun_socket to socket_class_set. 2010-11-11 09:48:43 -05:00
global_booleans
global_tunables remove read_default_t tunable 2009-07-23 08:58:35 -04:00
mcs revise MCS constraints to use only MCS-specific attributes. 2009-10-07 11:48:14 -04:00
mls Add trusted object condition to unix socket connectto/sendto, to fix label translation. 2010-04-29 11:29:39 -04:00
policy_capabilities
rolemap
users Typo in policy/users 2009-12-18 08:51:58 -05:00