mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-23 06:22:15 +00:00
org.selinux.policy: Require auth_admin_keep for all actions.
Fedora permits obtaining local policy customizations and the list of policy modules without admin authentication, but we would prefer more conservative defaults upstream. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
parent
082f1d1274
commit
549912d229
@ -40,7 +40,7 @@
|
||||
<defaults>
|
||||
<allow_any>no</allow_any>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
<action id="org.selinux.semodule_list">
|
||||
@ -49,7 +49,7 @@
|
||||
<defaults>
|
||||
<allow_any>no</allow_any>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
<action id="org.selinux.relabel_on_boot">
|
||||
|
Loading…
Reference in New Issue
Block a user