[refpolicy] [PATCH 3/3] Allow iptables_t to do module_request

Laurent Bigonville bigon at debian.org
Tue Sep 4 16:21:09 CDT 2012


From: Mika Pflüger <debian at mikapflueger.de>

---
 policy/modules/system/iptables.te |    1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index 0646ee7..6f2fb69 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -30,6 +30,7 @@ files_pid_file(iptables_var_run_t)
 # Iptables local policy
 #
 
+kernel_request_load_module(iptables_t)
 allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
 dontaudit iptables_t self:capability sys_tty_config;
 allow iptables_t self:fifo_file rw_fifo_file_perms;
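Review bot: The added `kernel_request_load_module(iptables_t)` is placed above `allow iptables_t self:capability { ... }`, ahead of the domain's own self rules. Refpolicy modules normally list the self rules first and group `kernel_*` interface calls after them, so the line would fit better beside the other kernel calls, which lie outside this hunk. The call also widens what a domain already holding `net_admin` and `net_raw` may ask of the kernel, and neither the commit message nor the policy says why. A short comment such as `# iptables asks the kernel to autoload netfilter modules on demand` would document it; that reason is presumed here and should be confirmed against the AVC denial that prompted the patch.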
-- 
1.7.10.4


