commit: 61ff9d660037e9010115f2d0ac61180673e377ac
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Sat Dec 17 18:08:40 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Jan 1 16:26:28 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=61ff9d66
udev: always enable kernel module loading
The udev daemon should be able to load kernel modules not only on
systems using systemd but also on systems using former versions of
the udev daemon.
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/modules/system/udev.te | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index a774e61..760b4de 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -79,6 +79,7 @@ manage_lnk_files_pattern(udev_t, udev_var_run_t,
udev_var_run_t)
manage_sock_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
files_pid_filetrans(udev_t, udev_var_run_t, dir, "udev")
+kernel_load_module(udev_t)
kernel_read_system_state(udev_t)
kernel_request_load_module(udev_t)
kernel_getattr_core_if(udev_t)
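Review bot: The added `kernel_load_module(udev_t)` in the kernel interface block grants udev_t direct module-loading rights on every build, and nothing at the call site explains why this is needed alongside the existing `kernel_request_load_module(udev_t)`. The commit message states that older non-systemd udev versions need it, but the hunk does not show which udev builds load modules in-process (presumably via libkmod) rather than through a separate modprobe domain, so the grant may be wider than some configurations require. I would add a comment above the line such as `# udev loads modules in-process, not only via kernel module requests`, and consider whether a narrower condition than "always" would fit. Because module loading is among the most sensitive permissions a confined domain can hold, it is also worth confirming that module signature enforcement or audit rules cover loads initiated by udev_t.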
@@ -220,8 +221,6 @@ ifdef(`distro_redhat',`
')
ifdef(`init_systemd',`
- kernel_load_module(udev_t)
-
files_search_kernel_modules(udev_t)
fs_read_cgroup_files(udev_t)