The modprobe utility is sometimes used (for instance for ALSA) to request
the Linux kernel to load a module (through aliases) rather than explicitly
loading the module.
Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/system/modutils.te | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 74a4466..882b50c 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -119,6 +119,7 @@ read_files_pattern(insmod_t, modules_dep_t, modules_dep_t)
can_exec(insmod_t, insmod_exec_t)
kernel_load_module(insmod_t)
+kernel_request_load_module(insmod_t)
kernel_read_system_state(insmod_t)
kernel_read_network_state(insmod_t)
kernel_write_proc_files(insmod_t)
--
1.7.3.4
On 2/6/2011 9:27 AM, Sven Vermeulen wrote:
> The modprobe utility is sometimes used (for instance for ALSA) to request
> the Linux kernel to load a module (through aliases) rather than explicitly
> loading the module.
Merged.
> Signed-off-by: Sven Vermeulen<[email protected]>
> ---
> policy/modules/system/modutils.te | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
> index 74a4466..882b50c 100644
> --- a/policy/modules/system/modutils.te
> +++ b/policy/modules/system/modutils.te
> @@ -119,6 +119,7 @@ read_files_pattern(insmod_t, modules_dep_t, modules_dep_t)
> can_exec(insmod_t, insmod_exec_t)
>
> kernel_load_module(insmod_t)
> +kernel_request_load_module(insmod_t)
> kernel_read_system_state(insmod_t)
> kernel_read_network_state(insmod_t)
> kernel_write_proc_files(insmod_t)
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com