From: guido@trentalancia.com (Guido Trentalancia)
Date: Sun, 20 Mar 2011 15:53:13 +0100
Subject: [refpolicy] [PATCH]: dontaudit sys_module wpa_supplicant
In-Reply-To: <201103201812.14967.russell@coker.com.au>
References: <0Cz62XCZ8hNS.j4bfZvpJ@mail.posta.tim.it>
	<201103201812.14967.russell@coker.com.au>
Message-ID: <1300632793.28926.5.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 2011-03-20 at 18:12 +1100, Russell Coker wrote:
> On Sunday 20 March 2011 12:24:03 Guido Trentalancia wrote:
> > > Which kernel modules?
> > 
> > Should be kernel modules which provide cryptographic algorithms needed by
> > wpa_supplicant for certain authentication and encryption functions
> > employed in some wireless ethernet protocols.
> 
> Sounds like we want to allow the wpa_suplicant to do this.

Not everybody likes that to happen. And surely there must be a good
reason for having a "neverallow" rule in kernel/kernel.te which blocks
everything.

See Bug#515136 on Debian but even more importantly Bug#684415 on Fedora.

If there are specific requirements from different distributions we can
use ifdef(distro).

Regards,

Guido