From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
Date: Tue, 15 Jul 2025 07:54:13 +0000 (UTC) [thread overview]
Message-ID: <1752565943.5f0e7b0e46e2972b99bc2784b9e9df9de89a572b.perfinion@gentoo> (raw)
commit: 5f0e7b0e46e2972b99bc2784b9e9df9de89a572b
Author: Clayton Casciato <ccasciato <AT> 21sw <DOT> us>
AuthorDate: Wed Jun 11 03:30:13 2025 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Jul 15 07:52:23 2025 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5f0e7b0e
chronyd: allow chronyd_t kernel_t:system module_request
type=PROCTITLE proctitle=/usr/sbin/chronyd
type=SYSCALL arch=armeb syscall=socket per=PER_LINUX success=no
exit=EAFNOSUPPORT(Address family not supported by protocol) a0=inet6
a1=SOCK_DGRAM a2=ip a3=0x80800 items=0 ppid=1 pid=1308 auid=unset
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root tty=(none) ses=unset comm=chronyd exe=/usr/sbin/chronyd
subj=system_u:system_r:chronyd_t:s0 key=(null)
type=AVC avc: denied { module_request } for pid=1308 comm=chronyd
kmod="net-pf-10" scontext=system_u:system_r:chronyd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
--
Issue background: https://access.redhat.com/solutions/6768131
--
Fedora:
https://github.com/fedora-selinux/selinux-policy/commit/d5acb7734d02012c54bee0064155c477b96f0bdd
$ sesearch -A --source chronyd_t --target kernel_t --class system --perm module_request
allow chronyd_t kernel_t:system module_request;
allow domain kernel_t:system module_request; [ domain_kernel_load_modules ]:True
Signed-off-by: Clayton Casciato <ccasciato <AT> 21sw.us>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/chronyd.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/chronyd.te b/policy/modules/services/chronyd.te
index 3d4007a57..0cac72e13 100644
--- a/policy/modules/services/chronyd.te
+++ b/policy/modules/services/chronyd.te
@@ -83,6 +83,7 @@ files_runtime_filetrans(chronyd_t, chronyd_runtime_t, { dir file sock_file })
kernel_read_system_state(chronyd_t)
kernel_read_network_state(chronyd_t)
+kernel_request_load_module(chronyd_t)
corenet_all_recvfrom_netlabel(chronyd_t)
corenet_udp_sendrecv_generic_if(chronyd_t)
next reply other threads:[~2025-07-15 7:54 UTC|newest]
Thread overview: 329+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-15 7:54 Jason Zaman [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-09-02 22:15 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/ Jason Zaman
2025-09-02 22:15 Jason Zaman
2025-09-02 22:15 Jason Zaman
2025-07-15 8:05 Jason Zaman
2025-07-15 8:05 Jason Zaman
2025-07-15 8:05 Jason Zaman
2025-07-15 8:05 Jason Zaman
2025-07-15 8:05 Jason Zaman
2025-07-15 8:05 Jason Zaman
2025-07-15 8:05 Jason Zaman
2025-07-15 8:05 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-07-15 7:54 Jason Zaman
2025-05-27 19:47 Kenton Groombridge
2025-03-08 23:55 Jason Zaman
2025-03-08 23:55 Jason Zaman
2025-03-08 23:55 Jason Zaman
2025-03-08 23:55 Jason Zaman
2025-03-08 23:55 Jason Zaman
2025-03-08 23:55 Jason Zaman
2025-03-08 23:55 Jason Zaman
2025-01-06 22:49 Kenton Groombridge
2025-01-06 21:08 Kenton Groombridge
2024-09-22 0:03 Jason Zaman
2024-09-22 0:03 Jason Zaman
2024-09-22 0:03 Jason Zaman
2024-09-22 0:03 Jason Zaman
2024-09-22 0:03 Jason Zaman
2024-09-22 0:03 Jason Zaman
2024-09-22 0:03 Jason Zaman
2024-09-22 0:03 Jason Zaman
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-05-14 19:42 Kenton Groombridge
2024-03-01 19:56 Kenton Groombridge
2024-03-01 19:56 Kenton Groombridge
2024-03-01 19:56 Kenton Groombridge
2023-10-20 22:05 Kenton Groombridge
2023-10-06 16:44 Kenton Groombridge
2023-10-06 16:44 Kenton Groombridge
2023-10-06 16:44 Kenton Groombridge
2023-10-06 16:44 Kenton Groombridge
2023-10-06 16:44 Kenton Groombridge
2023-10-06 16:44 Kenton Groombridge
2023-03-31 23:07 Kenton Groombridge
2023-03-31 23:07 Kenton Groombridge
2023-03-31 23:07 Kenton Groombridge
2023-03-31 23:07 Kenton Groombridge
2023-02-13 15:35 Kenton Groombridge
2023-02-13 15:35 Kenton Groombridge
2023-02-13 15:35 Kenton Groombridge
2023-02-13 15:35 Kenton Groombridge
2023-02-13 15:35 Kenton Groombridge
2022-12-13 20:55 Kenton Groombridge
2022-12-13 20:55 Kenton Groombridge
2022-12-13 20:55 Kenton Groombridge
2022-12-13 20:55 Kenton Groombridge
2022-12-13 20:55 Kenton Groombridge
2022-12-13 20:55 Kenton Groombridge
2022-12-13 20:55 Kenton Groombridge
2022-12-13 20:55 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-09-03 20:04 Kenton Groombridge
2022-09-03 19:54 Jason Zaman
2022-09-03 19:54 Jason Zaman
2022-09-03 19:54 Jason Zaman
2022-09-03 19:54 Jason Zaman
2022-09-03 19:54 Jason Zaman
2022-09-03 19:54 Jason Zaman
2022-09-03 19:54 Jason Zaman
2022-09-03 19:54 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-09-03 19:10 Jason Zaman
2022-04-09 19:28 Jason Zaman
2022-04-09 19:28 Jason Zaman
2022-04-09 19:28 Jason Zaman
2022-04-09 19:28 Jason Zaman
2022-04-09 19:28 Jason Zaman
2022-04-09 19:28 Jason Zaman
2022-04-09 19:28 Jason Zaman
2022-04-09 19:28 Jason Zaman
2022-03-31 3:31 Jason Zaman
2022-03-31 3:31 Jason Zaman
2022-03-31 3:31 Jason Zaman
2022-03-31 3:31 Jason Zaman
2022-03-31 3:31 Jason Zaman
2022-02-27 2:52 Jason Zaman
2022-02-27 2:52 Jason Zaman
2022-02-27 2:52 Jason Zaman
2022-02-27 2:52 Jason Zaman
2022-02-27 2:52 Jason Zaman
2022-02-07 2:14 Jason Zaman
2022-02-07 2:14 Jason Zaman
2022-02-07 2:14 Jason Zaman
2022-01-31 19:31 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2022-01-30 1:22 Jason Zaman
2021-11-21 23:02 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-03-22 0:21 Jason Zaman
2021-03-21 22:10 Jason Zaman
2021-03-21 22:10 Jason Zaman
2021-03-21 22:10 Jason Zaman
2021-03-21 22:10 Jason Zaman
2021-02-07 3:21 Jason Zaman
2021-02-07 3:21 Jason Zaman
2021-02-07 3:21 Jason Zaman
2021-02-07 3:20 Jason Zaman
2021-02-07 3:20 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2021-02-01 2:10 Jason Zaman
2020-11-28 23:09 Jason Zaman
2020-11-28 23:09 Jason Zaman
2020-11-28 23:09 Jason Zaman
2020-11-28 23:09 Jason Zaman
2020-11-28 23:09 Jason Zaman
2020-11-28 23:09 Jason Zaman
2020-11-28 23:09 Jason Zaman
2020-10-13 3:02 Jason Zaman
2020-10-13 3:02 Jason Zaman
2020-10-13 3:02 Jason Zaman
2020-10-13 3:02 Jason Zaman
2020-10-13 3:02 Jason Zaman
2020-10-13 3:02 Jason Zaman
2020-02-15 7:33 Jason Zaman
2019-12-16 17:48 Jason Zaman
2019-12-16 17:48 Jason Zaman
2019-12-16 17:48 Jason Zaman
2019-12-16 17:48 Jason Zaman
2019-12-16 17:48 Jason Zaman
2019-07-13 7:01 Jason Zaman
2019-07-13 7:01 Jason Zaman
2019-07-13 7:01 Jason Zaman
2019-03-26 10:17 Jason Zaman
2019-03-26 10:17 Jason Zaman
2019-03-26 10:17 Jason Zaman
2019-03-26 10:17 Jason Zaman
2019-02-10 4:14 Jason Zaman
2019-02-10 4:14 Jason Zaman
2019-02-10 4:14 Jason Zaman
2019-02-10 4:14 Jason Zaman
2019-02-10 4:14 Jason Zaman
2019-02-10 4:14 Jason Zaman
2019-02-10 4:14 Jason Zaman
2018-12-09 11:48 Jason Zaman
2018-12-09 11:48 Jason Zaman
2018-12-09 11:48 Jason Zaman
2018-12-09 11:48 Jason Zaman
2018-12-09 11:48 Jason Zaman
2018-12-09 11:48 Jason Zaman
2018-12-09 11:48 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-11-11 23:29 Jason Zaman
2018-07-12 14:37 Jason Zaman
2018-06-25 5:33 Jason Zaman
2018-06-24 8:46 Jason Zaman
2017-12-14 5:15 Jason Zaman
2017-12-12 7:59 Jason Zaman
2017-12-12 7:59 Jason Zaman
2017-12-12 7:59 Jason Zaman
2017-11-17 14:59 Jason Zaman
2017-10-29 20:42 Jason Zaman
2017-02-05 6:29 Jason Zaman
2017-01-26 3:32 Jason Zaman
2017-01-13 18:43 Sven Vermeulen
2017-01-13 18:43 Sven Vermeulen
2017-01-01 16:37 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-01-01 16:36 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-01-01 16:36 Jason Zaman
2017-01-01 16:36 Jason Zaman
2016-12-06 14:24 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 13:39 Jason Zaman
2016-12-06 13:39 Jason Zaman
2016-12-06 13:39 Jason Zaman
2016-12-06 13:39 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-01-30 17:21 Jason Zaman
2016-01-30 17:21 Jason Zaman
2016-01-30 17:21 Jason Zaman
2016-01-30 17:21 Jason Zaman
2015-10-10 16:11 Jason Zaman
2015-08-02 19:26 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-02 19:23 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-02 19:26 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-02 19:23 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-05-27 20:00 Jason Zaman
2015-03-04 17:03 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2015-03-04 16:45 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-21 17:31 Sven Vermeulen
2014-08-21 17:31 Sven Vermeulen
2014-08-21 17:31 Sven Vermeulen
2014-08-13 20:02 Sven Vermeulen
2014-08-13 20:02 Sven Vermeulen
2014-06-10 18:17 Sven Vermeulen
2014-06-10 18:17 Sven Vermeulen
2014-04-18 20:06 Sven Vermeulen
2014-04-17 19:04 Sven Vermeulen
2014-04-17 19:04 Sven Vermeulen
2014-03-25 20:41 Sven Vermeulen
2014-03-17 8:24 Sven Vermeulen
2014-03-17 8:24 Sven Vermeulen
2014-03-17 8:24 Sven Vermeulen
2014-03-17 8:24 Sven Vermeulen
2014-03-17 8:24 Sven Vermeulen
2014-03-17 8:24 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-01-19 19:01 Sven Vermeulen
2014-01-19 19:01 Sven Vermeulen
2013-12-09 14:37 Sven Vermeulen
2013-12-06 17:33 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-24 17:10 Sven Vermeulen
2013-09-24 17:10 Sven Vermeulen
2013-07-23 12:02 Sven Vermeulen
2013-01-03 16:49 Sven Vermeulen
2012-12-07 15:36 Sven Vermeulen
2012-12-07 15:36 Sven Vermeulen
2012-12-07 15:36 Sven Vermeulen
2012-11-27 19:14 Sven Vermeulen
2012-11-27 19:14 Sven Vermeulen
2012-11-25 21:39 Sven Vermeulen
2012-10-19 15:06 Sven Vermeulen
2012-10-19 15:06 Sven Vermeulen
2012-10-19 15:06 Sven Vermeulen
2012-10-19 15:06 Sven Vermeulen
2012-10-10 19:52 Sven Vermeulen
2012-08-21 17:52 Sven Vermeulen
2012-08-21 17:52 Sven Vermeulen
2012-05-28 12:39 Sven Vermeulen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1752565943.5f0e7b0e46e2972b99bc2784b9e9df9de89a572b.perfinion@gentoo \
--to=perfinion@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox