On 9/3/20 8:21 PM, Ansis wrote: > Acked-by: Ansis Atteka <[email protected]> > > On Thu, Sep 3, 2020, 10:03 AM Yi-Hung Wei <[email protected]> wrote: > >> On RHEL 8, a SELinux policy is missing when ovs-kmod-ctl use modprobe >> to load kernel modules. This patch adds the missing permissions based >> on /var/log/audit/audit.log >> >> Example log of the AVC violations: >> type=AVC msg=audit(1599075387.136:65): avc: denied { read } for >> pid=1472 comm="modprobe" name="modules.alias.bin" dev="dm-0" ino=586629 >> scontext=system_u:system_r:openvswitch_load_module_t:s0 >> tcontext=system_u:object_r:modules_dep_t:s0 tclass=file permissive=0 >> >> type=AVC msg=audit(1599085253.148:45): avc: denied { open } for >> pid=1355 >> comm="modprobe" >> path="/usr/lib/modules/4.18.0-193.el8.x86_64/modules.dep.bin" >> dev="dm-0" ino=624258 >> scontext=system_u:system_r:openvswitch_load_module_t:s0 >> tcontext=unconfined_u:object_r:modules_dep_t:s0 tclass=file permissive=0 >> >> VMWare-BZ: #2633569 >> Signed-off-by: Yi-Hung Wei <[email protected]> >> ---
Thanks! Applied to master and backported down to 2.13. Best regards, Ilya Maximets. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
