kudzu (kmodule) and /dev/zero: latest rawhide issues....

Tom London selinux at gmail.com
Mon Nov 8 16:40:14 UTC 2004


With the latest rawhide packages, kudzu has problems with /dev/zero
and /dev/mem.

kudzu generates:

Nov  7 17:20:13 fedora kernel: audit(1099847973.501:0): avc:  denied 
{ read } for  pid=826 exe=/sbin/kmodule name=zero dev=tmpfs ino=3510
scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:zero_device_t tclass=chr_file
Nov  7 17:20:13 fedora kernel: audit(1099847973.501:0): avc:  denied 
{ read } for  pid=826 exe=/sbin/kmodule name=zero dev=tmpfs ino=3510
scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:zero_device_t tclass=chr_file

After fixing this, it fails on mmap of /dev/zero, so I need to
also add execute.

Here's a patch:
--- SAVE/kudzu.te       2004-11-07 18:18:24.889196971 -0800
+++ ./kudzu.te  2004-11-07 18:18:52.095994659 -0800
@@ -18,6 +18,7 @@
 allow kudzu_t modules_object_t:dir r_dir_perms;
 allow kudzu_t { modules_object_t modules_dep_t }:file { getattr read };
 allow kudzu_t mouse_device_t:chr_file { read write };
+allow kudzu_t zero_device_t:chr_file { read execute };
 allow kudzu_t proc_t:file { getattr read };
 allow kudzu_t { fixed_disk_device_t removable_device_t }:blk_file
rw_file_perms;
 allow kudzu_t scsi_generic_device_t:chr_file r_file_perms;
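Review bot: The added zero_device_t rule grants execute on /dev/zero with no comment saying why, and the only denial shown for this device is for read. Suggest a comment above the line noting that the execute permission is for kmodule's mmap of /dev/zero, and including the AVC denial for execute in the report so the permission set can be confirmed as the minimum kudzu_t needs.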

But, it now produces: 
Nov  8 06:53:38 fedora kernel: audit(1099896764.946:0): avc:  denied 
{ read write } for  pid=826 exe=/sbin/kmodule name=mem dev=tmpfs
ino=909 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:memory_device_t tclass=chr_file

Adding 
allow kudzu_t memory_device_t:chr_file { read write };
produces 

/usr/bin/checkpolicy:  loading policy configuration from policy.conf
security:  5 users, 6 roles, 1323 types, 31 bools
security:  53 classes, 313479 rules
assertion on line 269956 violated by allow kudzu_t
memory_device_t:chr_file { read write };
make: *** [/etc/selinux/strict/policy/policy.18] Error 1

Some help, please?

thanks,
   tom
-- 
Tom London
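The denial-to-rule step done by hand in this message, as an added example that is not part of the original post: it parses AVC denials, merges permissions per (source type, target type, class), and marks rules on memory_device_t for review, since checkpolicy rejected that rule above. The names candidate_rules and REVIEW_TYPES are hypothetical, and the sample log is constructed from the post's wrapped lines rejoined onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: the denials quoted in the post, one record per line.
SAMPLE_LOG = """\
Nov  7 17:20:13 fedora kernel: audit(1099847973.501:0): avc:  denied  { read } for  pid=826 exe=/sbin/kmodule name=zero dev=tmpfs ino=3510 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:zero_device_t tclass=chr_file
Nov  7 17:20:13 fedora kernel: audit(1099847973.501:0): avc:  denied  { read } for  pid=826 exe=/sbin/kmodule name=zero dev=tmpfs ino=3510 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:zero_device_t tclass=chr_file
Nov  8 06:53:38 fedora kernel: audit(1099896764.946:0): avc:  denied  { read write } for  pid=826 exe=/sbin/kmodule name=mem dev=tmpfs ino=909 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:memory_device_t tclass=chr_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Assumption: target types whose rules are held for manual review instead of
# being added directly. memory_device_t is listed because the post shows
# checkpolicy rejecting an allow rule on it with an assertion violation.
REVIEW_TYPES = {"memory_device_t"}


def type_of(context):
    """Return the type field of a user:role:type security context."""
    return context.split(":")[2]


def candidate_rules(log_text):
    """Return [(allow_rule, needs_review)] for the AVC denials in log_text."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
        merged[key].update(m["perms"].split())  # duplicates collapse here
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        rules.append((rule, tgt in REVIEW_TYPES))
    return rules


if __name__ == "__main__":
    for rule, needs_review in candidate_rules(SAMPLE_LOG):
        print(("# REVIEW before adding: " if needs_review else "") + rule)
```

The output covers only permissions that appear in logged denials, so the execute permission mentioned for the mmap case would show up only once its own denial is in the log.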



