commit: dc87bde1d33331b2cfc8755471af7b316f45edb7 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
AuthorDate: Wed Aug 29 16:27:59 2012 +0000 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
CommitDate: Wed Aug 29 16:27:59 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=dc87bde1 |
|
Allow cryptsetup to request loading a kernel module |
|
At boot time, when cryptsetup is used for encrypted file systems, cryptsetup |
asks the system to load the cryptography-related module(s) as shown by the next |
denial: |
|
Aug 21 08:45:49 dell-studio kernel: [ 28.881908] type=1400 audit(1345531540.026:21): |
avc: denied { module_request } for pid=1524 comm="cryptsetup" kmod="cbc(aes)" |
scontext=system_u:system_r:lvm_t tcontext=system_u:system_r:kernel_t tclass=system |
|
--- |
policy/modules/system/lvm.te | 1 + |
1 files changed, 1 insertions(+), 0 deletions(-) |
|
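diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 61c219d..05392e1 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -216,6 +216,7 @@ kernel_get_sysvipc_info(lvm_t)
 kernel_read_system_state(lvm_t)
 # Read system variables in /proc/sys
 kernel_read_kernel_sysctls(lvm_t)
+kernel_request_load_module(lvm_t)
 # it has no reason to need this
 kernel_dontaudit_getattr_core_if(lvm_t)
 kernel_use_fds(lvm_t)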
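Review bot: The added `kernel_request_load_module(lvm_t)` has no comment of its own, and because it sits directly under `# Read system variables in /proc/sys` it reads as if that comment covered it. A line such as `# cryptsetup asks the kernel to load crypto modules (e.g. cbc(aes)) at boot` above it would record why the permission exists. The grant applies to the whole lvm_t domain, not only to cryptsetup, since the quoted denial shows cryptsetup running with scontext lvm_t, and as far as I know the module_request permission does not restrict which module is requested; it is worth confirming that every program confined as lvm_t is meant to have it. The run of kernel_* calls this line joins starts and ends outside the hunk.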