Kernel integrity protection
-
Controlling use of insmod program
- allow sysadm_t insmod_exec_t:file x_file_perms;
- allow sysadm_t insmod_t:process transition;
- allow insmod_t insmod_exec_t:process { entrypoint execute
};
- allow insmod_t sysadm_t:fd inherit_fd_perms;
- allow insmod_t self:capability sys_module;
- allow insmod_t sysadm_t:process sigchld;