When loading a kernel module using init_module the module is copied from memory of the calling process. In that case, the target really is the calling process. When using finit_module a file is passed to the kernel and that file is the target object. See the commit message that added module_load for a more complete description: https://marc.info/?l=selinux&m=145988689809307&w=2 On Sun, Oct 9, 2016 at 1:10 AM, Dominick Grift <dac.override@xxxxxxxxx> wrote: > > I encountered a system module_load event for the first time today. > Howver i am a bit surprised: > > > avc: denied { module_load } for pid=473 comm="modprobe" > scontext=wheel.id:sysadm.role:lmc.subj:s0-s0:c0.c1023 > tcontext=wheel.id:sysadm.role:lmc.subj:s0-s0:c0.c1023 tclass=system > permissive=1 > > Should that permission not have applied to a kernel module object > instead of "self"? > -- > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 > Dominick Grift > > > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
