From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-920467-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 14781139085 for <garchives@archives.gentoo.org>; Sun, 1 Jan 2017 16:37:03 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 42E7EE0E7F; Sun, 1 Jan 2017 16:36:52 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 23865E0E7F for <gentoo-commits@lists.gentoo.org>; Sun, 1 Jan 2017 16:36:52 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 572A9340FC1 for <gentoo-commits@lists.gentoo.org>; Sun, 1 Jan 2017 16:36:51 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9047825C3 for <gentoo-commits@lists.gentoo.org>; Sun, 1 Jan 2017 16:36:49 +0000 (UTC) From: "Jason Zaman" <perfinion@gentoo.org> To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org> Message-ID: <1483287988.61ff9d660037e9010115f2d0ac61180673e377ac.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/udev.te X-VCS-Directories: policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 61ff9d660037e9010115f2d0ac61180673e377ac X-VCS-Branch: master Date: Sun, 1 Jan 2017 16:36:49 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: ad427a53-d369-413b-859f-a85ab9a0d263 X-Archives-Hash: b444718c3534b33ea671332e2d9cc62c commit: 61ff9d660037e9010115f2d0ac61180673e377ac Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net> AuthorDate: Sat Dec 17 18:08:40 2016 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Jan 1 16:26:28 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=61ff9d66 udev: always enable kernel module loading The udev daemon should be able to load kernel modules not only on systems using systemd but also on systems using former versions of the udev daemon. Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net> policy/modules/system/udev.te | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index a774e61..760b4de 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -79,6 +79,7 @@ manage_lnk_files_pattern(udev_t, udev_var_run_t, udev_var_run_t) manage_sock_files_pattern(udev_t, udev_var_run_t, udev_var_run_t) files_pid_filetrans(udev_t, udev_var_run_t, dir, "udev") +kernel_load_module(udev_t) kernel_read_system_state(udev_t) kernel_request_load_module(udev_t) kernel_getattr_core_if(udev_t) @@ -220,8 +221,6 @@ ifdef(`distro_redhat',` ') ifdef(`init_systemd',` - kernel_load_module(udev_t) - files_search_kernel_modules(udev_t) fs_read_cgroup_files(udev_t)