forked from luck/tmp_suning_uos_patched
SELinux: loosen DAC perms on reading policy
There is no reason the DAC perms on reading the policy file need to be root only. There are selinux checks which should control this access. Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
47a93a5bcb
commit
72e8c8593f
@ -1832,7 +1832,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
|
||||
[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
|
||||
[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
|
||||
[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
|
||||
[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
|
||||
[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
|
||||
/* last one */ {""}
|
||||
};
|
||||
ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
|
||||
|
Loading…
Reference in New Issue
Block a user