SELinux: loosen DAC perms on reading policy There is no reason the DAC perms on reading the policy file need to be root only. There are selinux checks which should control this access. Signed-off-by: Eric Paris <eparis@redhat.com>

commit: 72e8c8593f8fdb983d9cd79d824f6b48ef21f14f [log] [tgz]
author: Eric Paris <eparis@redhat.com> Thu Feb 16 15:08:39 2012 -0500
committer: Eric Paris <eparis@redhat.com> Mon Apr 09 12:22:36 2012 -0400
tree: 1a1a81d6fc9007f18bedaace192708efd889eaf7
parent: 47a93a5bcb131879d4425d4559e90ad82990825d [diff] [blame]
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index d6ae2d4..f4b5a0b 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c

@@ -1832,7 +1832,7 @@
 		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
 		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
 		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
-		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
+		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
 		/* last one */ {""}
 	};
 	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
commit	72e8c8593f8fdb983d9cd79d824f6b48ef21f14f	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Thu Feb 16 15:08:39 2012 -0500
committer	Eric Paris <eparis@redhat.com>	Mon Apr 09 12:22:36 2012 -0400
tree	1a1a81d6fc9007f18bedaace192708efd889eaf7
parent	47a93a5bcb131879d4425d4559e90ad82990825d [diff] [blame]