| Message ID | 20231012103210.2915871-13-adam.duskett@amarulasolutions.com |
|---|---|
| State | New |
| Headers | show |
| Series | SELinux: Basic config enforcing mode support. | expand |
diff --git a/DEVELOPERS b/DEVELOPERS index cfa0095969..879aa96361 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -41,6 +41,7 @@ F: package/flutter-gallery/ F: package/flutter-pi/ F: package/flutter-sdk-bin/ F: package/iptables/selinux/ +F: package/kmod/selinux/ F: package/network-manager/selinux/ F: package/openssh/selinux/ F: package/polkit/selinux/ diff --git a/package/kmod/selinux/buildroot-kmod.fc b/package/kmod/selinux/buildroot-kmod.fc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/package/kmod/selinux/buildroot-kmod.if b/package/kmod/selinux/buildroot-kmod.if new file mode 100644 index 0000000000..fd978bf190 --- /dev/null +++ b/package/kmod/selinux/buildroot-kmod.if @@ -0,0 +1 @@ +## <summary>Buildroot kmod rules</summary> diff --git a/package/kmod/selinux/buildroot-kmod.te b/package/kmod/selinux/buildroot-kmod.te new file mode 100644 index 0000000000..c06b81345d --- /dev/null +++ b/package/kmod/selinux/buildroot-kmod.te @@ -0,0 +1,4 @@ +policy_module(buildroot-kmod, 1.0.0) + +#============= kmod_t ============== +allow kmod_t proc_t:filesystem getattr;
This is a basic policy necessary for kmod to work properly in enforcing mode without any denials. Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> --- DEVELOPERS | 1 + package/kmod/selinux/buildroot-kmod.fc | 0 package/kmod/selinux/buildroot-kmod.if | 1 + package/kmod/selinux/buildroot-kmod.te | 4 ++++ 4 files changed, 6 insertions(+) create mode 100644 package/kmod/selinux/buildroot-kmod.fc create mode 100644 package/kmod/selinux/buildroot-kmod.if create mode 100644 package/kmod/selinux/buildroot-kmod.te