From: aranea@aixah.de (Luis Ressel)
Date: Sun, 27 Nov 2016 17:41:45 +0100
Subject: [refpolicy] [PATCH 1/2] system/modutils: Add
	kernel_search_key(kmod_t)
Message-ID: <20161127164146.3773-1-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This permission is currently granted in an ifdef(systemd) block, but
it's also required on non-systemd systems if signed kernel modules are
being used.
---
 policy/modules/system/modutils.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 3bf9bff..afe11af 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -111,9 +111,9 @@ userdom_dontaudit_search_user_home_dirs(kmod_t)
 
 kernel_domtrans_to(kmod_t, kmod_exec_t)
 
-ifdef(`init_systemd',`
-	kernel_search_key(kmod_t)
+kernel_search_key(kmod_t)
 
+ifdef(`init_systemd',`
 	init_rw_stream_sockets(kmod_t)
 
 	systemd_write_kmod_files(kmod_t)
-- 
2.10.2