should module_load be checked on a kernel module object?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I encountered a system module_load event for the first time today.
Howver i am a bit surprised:


avc:  denied  { module_load } for  pid=473 comm="modprobe"
scontext=wheel.id:sysadm.role:lmc.subj:s0-s0:c0.c1023
tcontext=wheel.id:sysadm.role:lmc.subj:s0-s0:c0.c1023 tclass=system
permissive=1

Should that permission not have applied to a kernel module object
instead of "self"?
-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux