Sākums Izpētīt Palīdzība
Pierakstīties
PUBLIC_REPOS
/
ti-processor-sdk-linux
2
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Pārlūkot izejas kodu

SELinux: loosen DAC perms on reading policy

There is no reason the DAC perms on reading the policy file need to be root
only.  There are selinux checks which should control this access.

Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris 14 gadi atpakaļ
vecāks
47a93a5bcb
revīzija
72e8c8593f
1 mainītis faili ar 1 papildinājumiem un 1 dzēšanām
Apvienotais skats Rādīt salīdzināšanas statistiku
  1. 1 1
      security/selinux/selinuxfs.c

+ 1 - 1
security/selinux/selinuxfs.c
Parādīt failu 

@@ -1832,7 +1832,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
 
 		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
 
 		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
 
 		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
 
 		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
 
 		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
 
 		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
 
-		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
 
+		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
 
 		/* last one */ {""}
 
 		/* last one */ {""}
 
 	};
 
 	};
 
 	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
 
 	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);