From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 16 Sep 2017 13:15:02 -0400 Subject: [refpolicy] [PATCH 1/3] udev: map module objects to load kernel modules In-Reply-To: <20170915171614.26581-1-jason@perfinion.com> References: <20170915171614.26581-1-jason@perfinion.com> Message-ID: <75d0a8f5-fc22-284f-8168-e1f5a1053b4f@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/15/2017 01:16 PM, Jason Zaman via refpolicy wrote: > denied { map } for pid=7850 comm="systemd-udevd" path="/lib64/modules/4.13.0-gentoo/kernel/drivers/hid/hid-logitech-hidpp.ko" dev="zfs" ino=709934 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:modules_object_t:s0 tclass=file permissive=0 > --- > policy/modules/system/udev.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te > index 1e84e582..35368aa1 100644 > --- a/policy/modules/system/udev.te > +++ b/policy/modules/system/udev.te > @@ -174,6 +174,7 @@ modutils_domtrans(udev_t) > modutils_read_module_config(udev_t) > # read modules.inputmap: > modutils_read_module_deps(udev_t) > +modutils_read_module_objects(udev_t) > > seutil_read_config(udev_t) > seutil_read_default_contexts(udev_t) Merged. -- Chris PeBenito
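Review bot: in the udev.te hunk the added `modutils_read_module_objects(udev_t)` line sits directly under the `# read modules.inputmap:` comment, which belongs to `modutils_read_module_deps(udev_t)`, so the new rule reads as if it were covered by that comment. A short comment of its own, saying that systemd-udevd maps the .ko files labelled modules_object_t, would record why udev_t needs it. The quoted denial is for { map } only, with permissive=0, while the interface is named for read access. The commit message should therefore confirm that this interface is what grants map on modules_object_t files. It should also say that the grant is wider than the one permission in the AVC, since by its name the interface gives udev_t read access to module objects in general.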