From: bigon@debian.org (Laurent Bigonville)
Date: Tue, 4 Sep 2012 23:21:09 +0200
Subject: [refpolicy] [PATCH 3/3] Allow iptables_t to do module_request
In-Reply-To: <1346793669-26282-1-git-send-email-bigon@debian.org>
References: <1346793669-26282-1-git-send-email-bigon@debian.org>
Message-ID: <1346793669-26282-3-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Mika Pfl?ger

---
 policy/modules/system/iptables.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 0646ee7..6f2fb69 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -30,6 +30,7 @@ files_pid_file(iptables_var_run_t)
 # Iptables local policy
 #
+kernel_request_load_module(iptables_t)
 allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
 dontaudit iptables_t self:capability sys_tty_config;
 allow iptables_t self:fifo_file rw_fifo_file_perms;
-- 
1.7.10.4
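Review bot: The added `kernel_request_load_module(iptables_t)` has no comment or commit description saying which operation or AVC denial needs it, so a later audit cannot tell whether the grant is still required. Because it lets a domain that already holds `net_admin` and `net_raw` trigger kernel module autoloading, the reason should be recorded next to the rule, for example `# iptables extensions may be autoloaded by the kernel on demand` (presumably the motivation; confirm against the denial that prompted the patch). The call is also placed above the `allow iptables_t self:capability ...` rules. The domain's own `self` rules would read more consistently first, with this line grouped alongside the other `kernel_*` interface calls, which appear to lie further down, outside this hunk.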