From: aranea@aixah.de (Luis Ressel)
Date: Sun, 27 Nov 2016 22:55:43 +0100
Subject: [refpolicy] [PATCH 2/2] system/modutils: Allow kmod to use the
 sys_admin cap
In-Reply-To: <20161127222218.1ae86825@gentp.lnet>
References: <20161127164146.3773-1-aranea@aixah.de>
	<20161127164146.3773-2-aranea@aixah.de>
	<1480278785.620.4.camel@trentalancia.net>
	<20161127222218.1ae86825@gentp.lnet>
Message-ID: <20161127225543.49cc6698@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

By the way, I just had a quick look at the relevant kernel code. Those
error messages are printed by drivers/gpu/drm/drm_drv.c:drm_dev_init().
I assume one of the security_sb_... calls in fs/super.c:mount_fs()
checks for CAP_SYS_ADMIN and subsequently returns -EPERM.

I haven't noticed any relevant differences between my kernel and
vanilla 4.8. They might be hidden in one of the aforementioned
security_sb_... functions, though.

-- 
Regards,
Luis Ressel