RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-23 14:32:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

org.selinux.policy: Require auth_admin_keep for all actions.

Browse Source 
Fedora permits obtaining local policy customizations and the list
of policy modules without admin authentication, but we would prefer
more conservative defaults upstream.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2015-03-27 16:13:34 -04:00
parent 082f1d1274
commit 549912d229
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policycoreutils/sepolicy/org.selinux.policy
View File

@ -40,7 +40,7 @@
<defaults> <defaults>
<allow_any>no</allow_any> <allow_any>no</allow_any>
<allow_inactive>no</allow_inactive> <allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active> <allow_active>auth_admin_keep</allow_active>
</defaults> </defaults>
</action> </action>
<action id="org.selinux.semodule_list"> <action id="org.selinux.semodule_list">
@ -49,7 +49,7 @@
<defaults> <defaults>
<allow_any>no</allow_any> <allow_any>no</allow_any>
<allow_inactive>no</allow_inactive> <allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active> <allow_active>auth_admin_keep</allow_active>
</defaults> </defaults>
</action> </action>
<action id="org.selinux.relabel_on_boot"> <action id="org.selinux.relabel_on_boot">