commit: f022dfa7423dc2477b1dcfc3e5d2f5a0cf527156 Author: Jonathan Davies <jpds <AT> protonmail <DOT> com> AuthorDate: Tue Jun 15 12:37:47 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Fri Nov 12 01:53:00 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f022dfa7
modutils.fc: Added Gentoo specific modules_conf_t paths. Closes: https://github.com/perfinion/hardened-refpolicy/pull/21 Signed-off-by: Jonathan Davies <jpds <AT> protonmail.com> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/system/modutils.fc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc index 169a2569..cfcfb715 100644 --- a/policy/modules/system/modutils.fc +++ b/policy/modules/system/modutils.fc @@ -6,6 +6,9 @@ ifdef(`distro_gentoo',` # gentoo init scripts still manage this file # even if devfs is off /etc/modprobe\.devfs.* -- gen_context(system_u:object_r:modules_conf_t,s0) +/etc/modules-load\.d/.*\.conf -- gen_context(system_u:object_r:modules_conf_t,s0) + +/run/modules-load\.d/.*\.conf -- gen_context(system_u:object_r:modules_conf_t,s0) ') /run/tmpfiles\.d/kmod\.conf -- gen_context(system_u:object_r:kmod_tmpfiles_conf_t,s0) @@ -19,6 +22,10 @@ ifdef(`distro_gentoo',` /usr/bin/rmmod.* -- gen_context(system_u:object_r:kmod_exec_t,s0) /usr/bin/update-modules -- gen_context(system_u:object_r:kmod_exec_t,s0) +ifdef(`distro_gentoo',` +/usr/lib/modules-load\.d/.*\.conf -- gen_context(system_u:object_r:modules_conf_t,s0) +') + /usr/lib/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0) /usr/lib/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
