commit: cfbef5930f7c84b0ec41c68727706ce8ee1cc763
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri Sep 15 15:35:38 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Sep 17 03:17:39 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=cfbef593
udev: map module objects to load kernel modules
denied { map } for pid=7850 comm="systemd-udevd"
path="/lib64/modules/4.13.0-gentoo/kernel/drivers/hid/hid-logitech-hidpp.ko"
dev="zfs" ino=709934 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:modules_object_t:s0 tclass=file permissive=0
policy/modules/system/udev.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 50c89daa..838e7e34 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -174,6 +174,7 @@ modutils_domtrans(udev_t)
modutils_read_module_config(udev_t)
# read modules.inputmap:
modutils_read_module_deps(udev_t)
+modutils_read_module_objects(udev_t)
seutil_read_config(udev_t)
seutil_read_default_contexts(udev_t)
