From: aranea@aixah.de (Luis Ressel)
Date: Sun, 27 Nov 2016 23:30:54 +0100
Subject: [refpolicy] [PATCH 2/2] system/modutils: Allow kmod to use the sys_admin cap
In-Reply-To: <20161127222218.1ae86825@gentp.lnet>
References: <20161127164146.3773-1-aranea@aixah.de> <20161127164146.3773-2-aranea@aixah.de> <1480278785.620.4.camel@trentalancia.net> <20161127222218.1ae86825@gentp.lnet>
Message-ID: <20161127233054.41f8f921@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 27 Nov 2016 22:22:18 +0100
Luis Ressel via refpolicy wrote:

> Possible explanations in order of descending probability:
> (1) Are you using another kmod version?
> (2) GRSecurity (I think grsec sometimes requires specific capabilities
> in situations where vanilla doesn't.)
> (3) A difference between 4.8.8 and 4.8.10.

I've checked the (short) list of places where grsec adds
capable(CAP_SYS_ADMIN) requirements. None of them seem to be related to
the pseudo filesystem used by the drm code.

--
Luis Ressel