selinux-refpolicy/policy
Nicolas Iooss 27f4846ff8 userdomain: no longer allow unprivileged users to read kernel symbols
Unprivileged users don't need to read kallsyms and /boot/System.map.

This allow rule was introduced in the initial revision of userdomain.if in
2005, with commit b16c6b8c32:

    # cjp: why?
    bootloader_read_kernel_symbol_table($1_t)
2014-04-04 15:52:17 -04:00
..
flask flask: add the attach_queue permission to the tun_socket object class 2013-01-22 12:46:06 -05:00
modules userdomain: no longer allow unprivileged users to read kernel symbols 2014-04-04 15:52:17 -04:00
support
constraints
global_booleans
global_tunables
mcs Implement mcs_constrained_type 2012-11-28 16:12:25 -05:00
mls Add MLS constraints for x_pointer and x_keyboard. 2013-08-26 08:30:05 -04:00
policy_capabilities
users Apply direct_initrc to unconfined_r:unconfined_t 2014-01-16 15:27:18 -05:00