Re: kmod and unsigned modules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/1/2022 04:29, Russell Coker wrote:
[    9.002945] audit: type=1400 audit(1643707510.152:4): avc:  denied  {
integrity } for  pid=371 comm="modprobe" lockdown_reason="unsigned module
loading" scontext=system_u:system_r:kmod_t:s0
tcontext=system_u:system_r:kmod_t:s0 tclass=lockdown permissive=0

We need to have a boolean for this.  Just sending email so I don't forget it.

Switching to the refpolicy mail list.

The lockdown checks were removed in 5.16. IMO we should allow all domains both lockdown permissions until the lockdown class in the policy is removed.


--
Chris PeBenito



[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux