You are not logged in.

#1 2020-10-15 21:00:00

fileserverpls
Member
Registered: 2018-10-21
Posts: 15

modprobe when I have linux-hardened and SELinux

I cannot properly use modprobe because I have linux hardened and SELinux, I am guessing it is SELinux which has modprobe disabled by default. This means e.g. that I cannot run virtualbox because it utilizes modprobe to be able to function properly. Running

sestatus

results in "SELinux status:                 disabled"

and installing virtualbox as well as virtualbox-host-dkms only to run "modprobe vboxdrv" results in

modprobe: ERROR: could not insert 'vboxdrv': Operation not permitted

Output of "seinfo"

Statistics for policy file: /etc/selinux/refpolicy-arch/policy/policy.32
Policy Version:             32 (MLS disabled)
Target Policy:              selinux
Handle unknown classes:     deny
  Classes:             130    Permissions:         418
  Sensitivities:         0    Categories:            0
  Types:              4526    Attributes:          209
  Users:                 6    Roles:                14
  Booleans:            325    Cond. Expr.:         355
  Allow:            120591    Neverallow:            0
  Auditallow:           24    Dontaudit:         19703
  Type_trans:         9934    Type_change:          61
  Type_member:          16    Range_trans:           0
  Role allow:           26    Role_trans:            0
  Constraints:          64    Validatetrans:         0
  MLS Constrain:         0    MLS Val. Tran:         0
  Permissives:           0    Polcap:                5
  Defaults:              0    Typebounds:            0
  Allowxperm:            0    Neverallowxperm:       0
  Auditallowxperm:       0    Dontauditxperm:        0
  Ibendportcon:          0    Ibpkeycon:             0
  Initial SIDs:         27    Fs_use:               26
  Genfscon:             92    Portcon:             474
  Netifcon:              0    Nodecon:               0

Any idea how to bypass or white list modprobe? Or any other solution?

Edit: Added additional information and added SELinux as a potential bad guy in this issue.

Last edited by fileserverpls (2020-10-16 08:33:54)

Offline

#2 2020-10-16 04:54:45

seth
Member
Registered: 2012-09-03
Posts: 16,682

Re: modprobe when I have linux-hardened and SELinux

No it doesn't but you'll probably have to use the dkms module.
https://wiki.archlinux.org/index.php/Se … _hardening

However, judging from your old thread (that you could have provided as context…): https://bbs.archlinux.org/viewtopic.php?id=255637 - in particular this randomly posted line

(9/9) SELinux: relabel installed files

I'm gonna say this restriction is by SELinux, not the hardened kernel - which is why you should first try the behavior w/ selinux=0 and then elaborate on the present policy config.

If your old thread does no longer apply to your current situation, please provide some updated context. "modprobe does not works, I use linux-hardened" is no usable problem description.

Offline

Board footer

Powered by FluxBB