xen: Revoke kernel module loading permissions.

This domain also calls kernel_request_load_module(), which should be sufficient. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com> Signed-off-by: Kenton Groombridge <concord@gentoo.org>
author: Chris PeBenito <chpebeni@linux.microsoft.com> 2024-02-29 10:14:01 -0500
committer: Kenton Groombridge <concord@gentoo.org> 2024-05-14 13:40:54 -0400
commit: 7a7d1e4a5e7e532b93be215172976e2fa2556e1e (patch)
tree: 3efca1ac0d37323796b2a3b6cae2fb1fe9e6efff
parent: minissdpd: Revoke kernel module loading permissions. (diff)
download: hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.tar.gz
hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.tar.bz2
hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
index 5311f3a34..d633dfef7 100644
--- a/policy/modules/system/xen.te
+++ b/policy/modules/system/xen.te
@@ -500,7 +500,6 @@ xen_stream_connect_xenstore(xm_t)
 
 can_exec(xm_t, xm_exec_t)
 
-kernel_load_module(xm_t)
 kernel_request_load_module(xm_t)
 kernel_read_system_state(xm_t)
 kernel_read_network_state(xm_t)
author	Chris PeBenito <chpebeni@linux.microsoft.com>	2024-02-29 10:14:01 -0500
committer	Kenton Groombridge <concord@gentoo.org>	2024-05-14 13:40:54 -0400
commit	7a7d1e4a5e7e532b93be215172976e2fa2556e1e (patch)
tree	3efca1ac0d37323796b2a3b6cae2fb1fe9e6efff
parent	minissdpd: Revoke kernel module loading permissions. (diff)
download	hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.tar.gz hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.tar.bz2 hardened-refpolicy-7a7d1e4a5e7e532b93be215172976e2fa2556e1e.zip