From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 6 Dec 2016 19:59:41 -0500
Subject: [refpolicy] [PATCH 1/2] system/modutils: Add
 kernel_search_key(kmod_t)
In-Reply-To: <20161127164146.3773-1-aranea@aixah.de>
References: <20161127164146.3773-1-aranea@aixah.de>
Message-ID: <7c6170f3-b3bc-f642-f485-6a5a8d7e5352@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/27/16 11:41, Luis Ressel via refpolicy wrote:
> This permission is currently granted in an ifdef(systemd) block, but
> it's also required on non-systemd systems if signed kernel modules are
> being used.
> ---
>  policy/modules/system/modutils.te | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
> index 3bf9bff..afe11af 100644
> --- a/policy/modules/system/modutils.te
> +++ b/policy/modules/system/modutils.te
> @@ -111,9 +111,9 @@ userdom_dontaudit_search_user_home_dirs(kmod_t)
>
>  kernel_domtrans_to(kmod_t, kmod_exec_t)
>
> -ifdef(`init_systemd',`
> -	kernel_search_key(kmod_t)
> +kernel_search_key(kmod_t)
>
> +ifdef(`init_systemd',`
>  	init_rw_stream_sockets(kmod_t)
>
>  	systemd_write_kmod_files(kmod_t)

Merged.

-- 
Chris PeBenito