You are not logged in.
I cannot properly use modprobe because I have linux hardened and SELinux, I am guessing it is SELinux which has modprobe disabled by default. This means e.g. that I cannot run virtualbox because it utilizes modprobe to be able to function properly. Running
sestatus
results in "SELinux status: disabled"
and installing virtualbox as well as virtualbox-host-dkms only to run "modprobe vboxdrv" results in
modprobe: ERROR: could not insert 'vboxdrv': Operation not permitted
Output of "seinfo"
Statistics for policy file: /etc/selinux/refpolicy-arch/policy/policy.32
Policy Version: 32 (MLS disabled)
Target Policy: selinux
Handle unknown classes: deny
Classes: 130 Permissions: 418
Sensitivities: 0 Categories: 0
Types: 4526 Attributes: 209
Users: 6 Roles: 14
Booleans: 325 Cond. Expr.: 355
Allow: 120591 Neverallow: 0
Auditallow: 24 Dontaudit: 19703
Type_trans: 9934 Type_change: 61
Type_member: 16 Range_trans: 0
Role allow: 26 Role_trans: 0
Constraints: 64 Validatetrans: 0
MLS Constrain: 0 MLS Val. Tran: 0
Permissives: 0 Polcap: 5
Defaults: 0 Typebounds: 0
Allowxperm: 0 Neverallowxperm: 0
Auditallowxperm: 0 Dontauditxperm: 0
Ibendportcon: 0 Ibpkeycon: 0
Initial SIDs: 27 Fs_use: 26
Genfscon: 92 Portcon: 474
Netifcon: 0 Nodecon: 0
Any idea how to bypass or white list modprobe? Or any other solution?
Edit: Added additional information and added SELinux as a potential bad guy in this issue.
Last edited by fileserverpls (2020-10-16 08:33:54)
Offline
No it doesn't but you'll probably have to use the dkms module.
https://wiki.archlinux.org/index.php/Se … _hardening
However, judging from your old thread (that you could have provided as context…): https://bbs.archlinux.org/viewtopic.php?id=255637 - in particular this randomly posted line
(9/9) SELinux: relabel installed files
I'm gonna say this restriction is by SELinux, not the hardened kernel - which is why you should first try the behavior w/ selinux=0 and then elaborate on the present policy config.
If your old thread does no longer apply to your current situation, please provide some updated context. "modprobe does not works, I use linux-hardened" is no usable problem description.
Online