Commit fa419e62 authored by Andrew Morton, committed by Linus Torvalds

[PATCH] selinux: Allow non-root processes to read selinuxfs enforce node

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch changes the mode bits on the selinuxfs enforce node so that
non-root processes can read it.  This is necessary to allow non-root
userspace policy enforcers to check the enforcing flag upon a permission
failure as well.  A process must still have the appropriate SELinux
permission in order to read the node.
parent b9164789
......@@ -603,7 +603,7 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
{
static struct tree_descr selinux_files[] = {
[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUSR|S_IWUSR},
[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
[SEL_CONTEXT] = {"context", &sel_context_ops, S_IRUGO|S_IWUGO},
[SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
[SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
......
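Review bot: On the SEL_ENFORCE entry, the read bits widen from S_IRUSR to S_IRUGO, and nothing at the table records why this node now differs from SEL_LOAD, which stays S_IRUSR|S_IWUSR. The commit message states that a reader must still hold the appropriate SELinux permission, but that check is not visible in this hunk. Please confirm that the read handler behind sel_enforce_ops enforces it, and add a one-line comment above the entry saying that DAC read is intentionally open and access is gated by the SELinux permission. Leaving write at S_IWUSR matches the stated intent of exposing only the read side.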