From: guido@trentalancia.com (Guido Trentalancia)
Date: Sun, 20 Mar 2011 15:53:13 +0100
Subject: [refpolicy] [PATCH]: dontaudit sys_module wpa_supplicant
In-Reply-To: <201103201812.14967.russell@coker.com.au>
References: <0Cz62XCZ8hNS.j4bfZvpJ@mail.posta.tim.it> <201103201812.14967.russell@coker.com.au>
Message-ID: <1300632793.28926.5.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 2011-03-20 at 18:12 +1100, Russell Coker wrote:
> On Sunday 20 March 2011 12:24:03 Guido Trentalancia wrote:
> > > Which kernel modules?
> >
> > Should be kernel modules which provide cryptographic algorithms needed by
> > wpa_supplicant for certain authentication and encryption functions
> > employed in some wireless ethernet protocols.
>
> Sounds like we want to allow the wpa_supplicant to do this.

Not everybody likes that to happen. And surely there must be a good
reason for having a "neverallow" rule in kernel/kernel.te which blocks
everything.

See Bug#515136 on Debian but even more importantly Bug#684415 on Fedora.

If there are specific requirements from different distributions we can
use ifdef(distro).

Regards,

Guido