From: guido@trentalancia.com (Guido Trentalancia)
Date: Sun, 20 Mar 2011 02:24:03 +0100
Subject: [refpolicy] [PATCH]: dontaudit sys_module wpa_supplicant
Message-ID: <0Cz62XCZ8hNS.j4bfZvpJ@mail.posta.tim.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi Russell !

-- original message --
Subject: Re: [refpolicy] [PATCH]: dontaudit sys_module wpa_supplicant
From: Russell Coker <russell@coker.com.au>
Date: 20/03/2011 01:11

On Sun, 20 Mar 2011, Guido Trentalancia <guido@trentalancia.com> wrote:
> wpa_supplicant (NetworkManager_t) tries to load kernel modules. I think
> this is forbidden in the first place by a neverallow rule in
> kernel/kernel.te. So the following patch simply "dontaudit" sys_module
> requests from wpa_supplicant (and NetworkManager).

> Which kernel modules?

Should be kernel modules which provide cryptographic algorithms needed by wpa_supplicant for certain authentication and encryption functions employed in some wireless ethernet protocols.

Regards,

Guido