Re: kmod and unsigned modules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/1/2022 04:29, Russell Coker wrote:
[    9.002945] audit: type=1400 audit(1643707510.152:4): avc:  denied  {
integrity } for  pid=371 comm="modprobe" lockdown_reason="unsigned module
loading" scontext=system_u:system_r:kmod_t:s0
tcontext=system_u:system_r:kmod_t:s0 tclass=lockdown permissive=0

We need to have a boolean for this.  Just sending email so I don't forget it.

Switching to the refpolicy mail list.

The lockdown checks were removed in 5.16. IMO we should allow all domains both lockdown permissions until the lockdown class in the policy is removed.


--
Chris PeBenito



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux