From: russell@coker.com.au (Russell Coker)
Date: Sun, 31 Jul 2016 19:48:15 +1000
Subject: [refpolicy]   [PATCH] ifconfig loads kernel modules
Message-ID: <20160731094815.hnl6jvjkbi77vwoc@athena.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The following patch allows ifconfig to trigger module loads.


diff -ruN /home/rjc/src/pol-git/policy/modules/system/sysnetwork.te ./policy/modules/system/sysnetwork.te
--- /home/rjc/src/pol-git/policy/modules/system/sysnetwork.te	2016-07-28 20:33:39.971961928 +1000
+++ ./policy/modules/system/sysnetwork.te	2016-07-31 19:47:25.822898970 +1000
@@ -261,6 +261,7 @@
 # Ifconfig local policy
 #
 
+kernel_load_module(ifconfig_t)
 allow ifconfig_t self:capability { net_raw net_admin sys_admin sys_tty_config };
 allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
 allow ifconfig_t self:fd use;