2012-09-13 11:44:35

by Laurent Bigonville

[permalink] [raw]
Subject: [refpolicy] [PATCH] Add insmod_exec_t label for kmod executable

From: Laurent Bigonville <[email protected]>

lsmod, rmmod, insmod, modinfo, modprobe and depmod are now symlinks to
the kmod executable
---
policy/modules/system/modutils.fc | 2 ++
1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc
index 2410551..31f1378 100644
--- a/policy/modules/system/modutils.fc
+++ b/policy/modules/system/modutils.fc
@@ -20,3 +20,5 @@ ifdef(`distro_gentoo',`
/sbin/modules-update -- gen_context(system_u:object_r:update_modules_exec_t,s0)
/sbin/rmmod.* -- gen_context(system_u:object_r:insmod_exec_t,s0)
/sbin/update-modules -- gen_context(system_u:object_r:update_modules_exec_t,s0)
+
+/(usr/)?bin/kmod -- gen_context(system_u:object_r:insmod_exec_t,s0)
--
1.7.10.4


2012-10-02 15:01:29

by cpebenito

[permalink] [raw]
Subject: [refpolicy] [PATCH] Add insmod_exec_t label for kmod executable

On 09/13/12 07:44, Laurent Bigonville wrote:
> From: Laurent Bigonville <[email protected]>
>
> lsmod, rmmod, insmod, modinfo, modprobe and depmod are now symlinks to
> the kmod executable
> ---
> policy/modules/system/modutils.fc | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc
> index 2410551..31f1378 100644
> --- a/policy/modules/system/modutils.fc
> +++ b/policy/modules/system/modutils.fc
> @@ -20,3 +20,5 @@ ifdef(`distro_gentoo',`
> /sbin/modules-update -- gen_context(system_u:object_r:update_modules_exec_t,s0)
> /sbin/rmmod.* -- gen_context(system_u:object_r:insmod_exec_t,s0)
> /sbin/update-modules -- gen_context(system_u:object_r:update_modules_exec_t,s0)
> +
> +/(usr/)?bin/kmod -- gen_context(system_u:object_r:insmod_exec_t,s0)

Merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com