Description of problem: I am not allowed to modprobe module from the command line, which seems strange. Version-Release number of selected component (if applicable): selinux-policy-3.13.1-225.10.fc25.noarch How reproducible: Always Steps to Reproduce: 1. modprobe vboxdrv 2. setenforce 0 3. modprobe vboxdrv 4. echo $? Actual results: modprobe: ERROR: could not insert 'vboxdrv': Permission denied 0 Expected results: 0 Additional info: Why I am not allowed to modprobe the module from the command line? Shouldn't it run as unconfined? It's not service.
I.e.: # setenforce 1 # modprobe vboxdrv modprobe: ERROR: could not insert 'vboxdrv': Permission denied # setenforce 0 # modprobe vboxdrv # lsmod | grep vboxdrv vboxdrv 434176 0
type=AVC msg=audit(1488374245.943:319): avc: denied { module_load } for pid=26087 comm="modprobe" path="/usr/lib/modules/4.9.11-200.fc25.x86_64/extra/VirtualBox/vboxdrv.ko" dev="dm-3" ino=2534 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:modules_object_t:s0 tclass=system permissive=1
Also systemd-modules-load.service is failing due to this bug.
Tagged as regression, because it worked in the past.
*** This bug has been marked as a duplicate of bug 1427409 ***