From: guido@trentalancia.net (Guido Trentalancia)
Date: Sun, 27 Nov 2016 23:31:21 +0100
Subject: [refpolicy] [PATCH 2/2] system/modutils: Allow kmod to use the sys_admin cap
In-Reply-To: <20161127222218.1ae86825@gentp.lnet>
References: <20161127164146.3773-1-aranea@aixah.de> <20161127164146.3773-2-aranea@aixah.de> <1480278785.620.4.camel@trentalancia.net> <20161127222218.1ae86825@gentp.lnet>
Message-ID: <1480285881.620.14.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello.

On Sun, 27/11/2016 at 22.22 +0100, Luis Ressel wrote:
> On Sun, 27 Nov 2016 21:33:05 +0100
> Guido Trentalancia via refpolicy wrote:
>
> > Hello.
> >
> > I have the same graphic card and I am not experiencing this problem
> > with kernel 4.8.8...
> >
> > Strange, are you using vanilla kernels?
>
> Not exactly. I'm using Gentoo's hardened-sources kernel, which
> incorporates the GRSecurity/PaX patchset and some minor
> distro-specific patches. The exact kernel version I'm using is
> 4.8.10; on the userland side, I'm using kmod 22.
>
> The problem arises on both of my development systems; they're using
> the i915 and the radeon driver, respectively. So it's indeed
> interesting that this problem doesn't manifest itself on your system.
> Possible explanations in order of descending probability:
> (1) Are you using another kmod version?

No, I am using the same 22 version.

> (2) GRSecurity (I think grsec sometimes requires specific capabilities
>     in situations where vanilla doesn't.)

If it is specific to Gentoo, you should enclose the new permissions
within an ifdef block.

Also, do you have an official bug report in Gentoo?

> (3) A difference between 4.8.8 and 4.8.10.

There is no evidence of such a change in ChangeLog-4.8.9 and
ChangeLog-4.8.10.

From the error message that you quoted, it sounds like a call to
fs/libfs.c:simple_pin_fs() fails in drivers/gpu/drm/drm_drv.c.

However, without further evidence, I would not recommend granting the
sys_admin permission.

Regards,

Guido