From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 10 Jan 2011 10:28:15 -0500
Subject: [refpolicy] One more fix for mount_t: able to request loading
	kernel module
In-Reply-To: <SNT139-w206F7935A899E7E79650DDAB1A0@phx.gbl>
References: <SNT139-w206F7935A899E7E79650DDAB1A0@phx.gbl>
Message-ID: <4D2B258F.5010709@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/20/10 22:53, HarryCiao wrote:
> Make the mount domain able to request kernel to load a kernel module.
> Otherwise the binfmt_misc kernel module won't be properly loaded
> during system booting up.

Merged.

> type=1400 audit(1292850971.104:4): avc: denied { module_request } for
> pid=87 comm="mount" kmod="devtmpfs"
> scontext=system_u:system_r:mount_t:s0-s15:c0.c1023
> tcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=system
>  
> type=1400 audit(1292851024.844:13): avc: denied { module_request } for
> pid=409 comm="mount" kmod="binfmt_misc"
> scontext=system_u:system_r:mount_t:s0-s15:c0.c1023
> tcontext=system_u:system_r:kernel_t:s15:c0.c1023 tclass=system


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com