Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Wed, 29 Aug 2012 18:48:37
Message-Id: 1346257679.dc87bde1d33331b2cfc8755471af7b316f45edb7.SwifT@gentoo
1 commit: dc87bde1d33331b2cfc8755471af7b316f45edb7
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Wed Aug 29 16:27:59 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Wed Aug 29 16:27:59 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=dc87bde1
7
8 Allow cryptsetup to request loading a kernel module
9
10 At boot time, when cryptsetup is used for encrypted file systems, cryptsetup
11 asks the system to load the cryptography-related module(s) as shown by the next
12 denial:
13
14 Aug 21 08:45:49 dell-studio kernel: [ 28.881908] type=1400 audit(1345531540.026:21):
15 avc: denied { module_request } for pid=1524 comm="cryptsetup" kmod="cbc(aes)"
16 scontext=system_u:system_r:lvm_t tcontext=system_u:system_r:kernel_t tclass=system
17
18 ---
19 policy/modules/system/lvm.te | 1 +
20 1 files changed, 1 insertions(+), 0 deletions(-)
21
22 diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
23 index 61c219d..05392e1 100644
24 --- a/policy/modules/system/lvm.te
25 +++ b/policy/modules/system/lvm.te
26 @@ -216,6 +216,7 @@ kernel_get_sysvipc_info(lvm_t)
27 kernel_read_system_state(lvm_t)
28 # Read system variables in /proc/sys
29 kernel_read_kernel_sysctls(lvm_t)
30 +kernel_request_load_module(lvm_t)
31 # it has no reason to need this
32 kernel_dontaudit_getattr_core_if(lvm_t)
33 kernel_use_fds(lvm_t)
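
Review bot: The added `kernel_request_load_module(lvm_t)` carries no comment and sits directly under "# Read system variables in /proc/sys", so someone reading lvm.te later cannot tell why lvm_t is allowed to trigger module loading. Suggest a one-line comment above it that records the reason given in the commit message (cryptsetup asking for crypto modules such as kmod="cbc(aes)" at boot), kept visually separate from the sysctl comment above and from "# it has no reason to need this" below, which belongs to `kernel_dontaudit_getattr_core_if(lvm_t)`. The denial shows scontext lvm_t with comm="cryptsetup", so the new rule grants module_request to everything that runs in lvm_t, not only cryptsetup; if that breadth is accepted, it is worth saying so in the comment.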