diff options
author | Chris PeBenito <chpebeni@linux.microsoft.com> | 2024-02-29 10:14:01 -0500 |
---|---|---|
committer | Kenton Groombridge <concord@gentoo.org> | 2024-05-14 13:40:54 -0400 |
commit | 7a7d1e4a5e7e532b93be215172976e2fa2556e1e (patch) | |
tree | 3efca1ac0d37323796b2a3b6cae2fb1fe9e6efff | |
parent | minissdpd: Revoke kernel module loading permissions. (diff) | |
download | hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.tar.gz hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.tar.bz2 hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.zip |
xen: Revoke kernel module loading permissions.
This domain also calls kernel_request_load_module(), which should be
sufficient.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r-- | policy/modules/system/xen.te | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te index 5311f3a34..d633dfef7 100644 --- a/policy/modules/system/xen.te +++ b/policy/modules/system/xen.te @@ -500,7 +500,6 @@ xen_stream_connect_xenstore(xm_t) can_exec(xm_t, xm_exec_t) -kernel_load_module(xm_t) kernel_request_load_module(xm_t) kernel_read_system_state(xm_t) kernel_read_network_state(xm_t) |