]> git.ipfire.org Git - people/stevee/selinux-policy.git/commitdiff
projects / people / stevee / selinux-policy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 54f9ea9)
Dont use auth.*except_shadow, causes policy to explode in size, use files.*non_securi...
authorDan Walsh <dwalsh@redhat.com>
Fri, 29 Jul 2011 03:32:45 +0000 (23:32 -0400)
committerDan Walsh <dwalsh@redhat.com>
Fri, 29 Jul 2011 03:32:45 +0000 (23:32 -0400)
policy/modules/kernel/kernel.te patch | blob | blame | history

diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 30d03e30515748aec6c9ba5463b663038a6b0f4e..2860a62952ea9fa3988282d0963be077571be548 100644 (file)
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -375,9 +375,7 @@ optional_policy(`
                fs_read_noxattr_fs_files(kernel_t)
                fs_read_noxattr_fs_symlinks(kernel_t)
 
-               auth_read_all_dirs_except_shadow(kernel_t)
-               auth_read_all_files_except_shadow(kernel_t)
-               auth_read_all_symlinks_except_shadow(kernel_t)
+               files_read_non_security_files(kernel_t)
        ')
 
        tunable_policy(`nfs_export_all_rw',`
@@ -386,7 +384,7 @@ optional_policy(`
                fs_read_noxattr_fs_files(kernel_t)
                fs_read_noxattr_fs_symlinks(kernel_t)
 
-               auth_manage_all_files_except_shadow(kernel_t)
+               files_manage_non_security_files(kernel_t)
        ')
 ')
 
The IPFire selinux policy.