SELinux: loosen DAC perms on reading policy

There is no reason the DAC perms on reading the policy file need to be root only. There are selinux checks which should control this access. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2012-02-16 15:08:39 -0500
committer: Eric Paris <eparis@redhat.com> 2012-04-09 12:22:36 -0400
commit: 72e8c8593f8fdb983d9cd79d824f6b48ef21f14f (patch)
tree: 1a1a81d6fc9007f18bedaace192708efd889eaf7 /security/selinux/selinuxfs.c
parent: 47a93a5bcb131879d4425d4559e90ad82990825d (diff)
download: linux-72e8c8593f8fdb983d9cd79d824f6b48ef21f14f.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index d6ae2d407307..f4b5a0baaec4 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1832,7 +1832,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
 		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
 		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
 		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
-		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
+		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
 		/* last one */ {""}
 	};
 	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
author	Eric Paris <eparis@redhat.com>	2012-02-16 15:08:39 -0500
committer	Eric Paris <eparis@redhat.com>	2012-04-09 12:22:36 -0400
commit	72e8c8593f8fdb983d9cd79d824f6b48ef21f14f (patch)
tree	1a1a81d6fc9007f18bedaace192708efd889eaf7 /security/selinux/selinuxfs.c
parent	47a93a5bcb131879d4425d4559e90ad82990825d (diff)
download	linux-72e8c8593f8fdb983d9cd79d824f6b48ef21f14f.tar.bz2