SELinux: loosen DAC perms on reading policy

There is no reason the DAC perms on reading the policy file need to be root only. There are selinux checks which should control this access. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2012-02-16 20:08:39 (GMT)
committer: Eric Paris <eparis@redhat.com> 2012-04-09 16:22:36 (GMT)
commit: 72e8c8593f8fdb983d9cd79d824f6b48ef21f14f (patch)
tree: 1a1a81d6fc9007f18bedaace192708efd889eaf7 /security/selinux/selinuxfs.c
parent: 47a93a5bcb131879d4425d4559e90ad82990825d (diff)
download: linux-72e8c8593f8fdb983d9cd79d824f6b48ef21f14f.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index d6ae2d4..f4b5a0b 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1832,7 +1832,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
 		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
 		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
 		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
-		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
+		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
 		/* last one */ {""}
 	};
 	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
author	Eric Paris <eparis@redhat.com>	2012-02-16 20:08:39 (GMT)
committer	Eric Paris <eparis@redhat.com>	2012-04-09 16:22:36 (GMT)
commit	72e8c8593f8fdb983d9cd79d824f6b48ef21f14f (patch)
tree	1a1a81d6fc9007f18bedaace192708efd889eaf7 /security/selinux/selinuxfs.c
parent	47a93a5bcb131879d4425d4559e90ad82990825d (diff)
download	linux-72e8c8593f8fdb983d9cd79d824f6b48ef21f14f.tar.xz