summaryrefslogtreecommitdiff
path: root/security/selinux
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-02-16 15:08:39 -0500
committerEric Paris <eparis@redhat.com>2012-04-09 12:22:36 -0400
commit72e8c8593f8fdb983d9cd79d824f6b48ef21f14f (patch)
tree1a1a81d6fc9007f18bedaace192708efd889eaf7 /security/selinux
parent47a93a5bcb131879d4425d4559e90ad82990825d (diff)
downloadlinux-3.10-72e8c8593f8fdb983d9cd79d824f6b48ef21f14f.tar.gz
linux-3.10-72e8c8593f8fdb983d9cd79d824f6b48ef21f14f.tar.bz2
linux-3.10-72e8c8593f8fdb983d9cd79d824f6b48ef21f14f.zip
SELinux: loosen DAC perms on reading policy
There is no reason the DAC perms on reading the policy file need to be root only. There are selinux checks which should control this access. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/selinuxfs.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index d6ae2d40730..f4b5a0baaec 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1832,7 +1832,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
- [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
+ [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
/* last one */ {""}
};
ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);