The "module_load" permission has been recently added to the "system"
class (kernel 4.7).
The following patch updates the Reference Policy so that the new
permission can be used to create SELinux policies.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/flask/access_vectors | 1 +
1 file changed, 1 insertion(+)
--- refpolicy-git-06082016-orig/policy/flask/access_vectors 2016-08-06 21:26:43.271774009 +0200
+++ refpolicy-git-06082016/policy/flask/access_vectors 2016-08-07 21:08:07.750977409 +0200
@@ -448,6 +448,7 @@ class system
syslog_mod
syslog_console
module_request
+ module_load
# these are overloaded userspace
# permissions from systemd
On 08/07/16 17:07, Guido Trentalancia wrote:
> The "module_load" permission has been recently added to the "system"
> class (kernel 4.7).
>
> The following patch updates the Reference Policy so that the new
> permission can be used to create SELinux policies.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/flask/access_vectors | 1 +
> 1 file changed, 1 insertion(+)
>
> --- refpolicy-git-06082016-orig/policy/flask/access_vectors 2016-08-06 21:26:43.271774009 +0200
> +++ refpolicy-git-06082016/policy/flask/access_vectors 2016-08-07 21:08:07.750977409 +0200
> @@ -448,6 +448,7 @@ class system
> syslog_mod
> syslog_console
> module_request
> + module_load
>
> # these are overloaded userspace
> # permissions from systemd
Merged.
--
Chris PeBenito