authorAndrew Morton <akpm@osdl.org>2004-02-15 18:06:16 -0800
committerLinus Torvalds <torvalds@home.osdl.org>2004-02-15 18:06:16 -0800
commitfa419e62bd6dc02439e5bd912112564f10e2902d (patch)
parentb9164789fd201dca9f03b3bbef65f04af81a41c1 (diff)
[PATCH] selinux: Allow non-root processes to read selinuxfs enforce node
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch changes the mode bits on the selinuxfs enforce node so that non-root processes can read it. This is necessary to allow non-root userspace policy enforcers to check the enforcing flag upon a permission failure as well. A process must still have the appropriate SELinux permission in order to read the node.
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 482513614d97..682fb85010f8 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -603,7 +603,7 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
static struct tree_descr selinux_files[] = {
[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
- [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUSR|S_IWUSR},
+ [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
[SEL_CONTEXT] = {"context", &sel_context_ops, S_IRUGO|S_IWUGO},
[SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
[SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
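Review bot: The `[SEL_ENFORCE]` entry now depends entirely on the SELinux permission check to limit who can read the enforcing flag, but nothing at the table records that, so the wider mode reads like an oversight next to the owner-only `[SEL_LOAD]` entry. I would add a comment above the entry such as `/* World-readable at the DAC layer so non-root policy enforcers can check the flag; reads remain subject to the SELinux permission check. */`. The handlers behind `sel_enforce_ops` are outside this hunk, so it is worth confirming that the read side returns only the flag value and that the write side stays restricted, as the retained `S_IWUSR` suggests. The `selinux_files[]` initializer in `sel_fill_super` continues past the end of the hunk.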