Yiwuwar ƙetare haramcin ɗaukar nauyin kernel, wanda aka aiwatar a cikin ƙa'idodin SELinux da aka yi niyya akan ɗayan na'urorin da aka yi nazari, an nuna shi (ba a ƙayyadadden na'urar da take da shi ba kuma nawa matsalar ke shafar ka'idodin SELinux a cikin firmware da rarrabawa) . Abubuwan toshewa a cikin ƙa'idodin SELinux da abin ya shafa sun dogara ne akan ƙuntata damar yin amfani da tsarin tsarin finit_module, wanda ke ba ku damar loda samfuri daga fayil kuma ana amfani dashi a cikin kayan aiki kamar insmod. Koyaya, dokokin SELinux ba su yi la'akari da kiran tsarin init_module ba, wanda kuma za'a iya amfani dashi don loda samfuran kwaya kai tsaye daga buffer a ƙwaƙwalwar ajiya.
Don nuna hanyar, an shirya samfurin amfani wanda zai ba ku damar aiwatar da lamba a matakin kernel ta hanyar loda tsarin ku kuma ku kashe kariyar SELinux gaba ɗaya, idan kuna da tushen tushen tsarin iyakance ta amfani da SELinux.
source: budenet.ru