nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default

Browse source 
Change the SELinux checkreqprot default value to 0 so that SELinux
performs access control checking on the actual memory protections
used by the kernel and not those requested by the application.

Signed-off-by: Paul Moore <pmoore@redhat.com>
This commit is contained in:
Paul Moore 2015-10-21 17:44:25 -04:00
parent 09302fd19e
commit 2a35d196c1
1 changed files with 2 additions and 2 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

4
security/selinux/Kconfig
View file

@ -78,7 +78,7 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
int "NSA SELinux checkreqprot default value" int "NSA SELinux checkreqprot default value"
depends on SECURITY_SELINUX depends on SECURITY_SELINUX
range 0 1 range 0 1
default 1 default 0
help help
This option sets the default value for the 'checkreqprot' flag This option sets the default value for the 'checkreqprot' flag
that determines whether SELinux checks the protection requested that determines whether SELinux checks the protection requested
@ -92,7 +92,7 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
'checkreqprot=' boot parameter. It may also be changed at runtime 'checkreqprot=' boot parameter. It may also be changed at runtime
via /selinux/checkreqprot if authorized by policy. via /selinux/checkreqprot if authorized by policy.
If you are unsure how to answer this question, answer 1. If you are unsure how to answer this question, answer 0.
config SECURITY_SELINUX_POLICYDB_VERSION_MAX config SECURITY_SELINUX_POLICYDB_VERSION_MAX
bool "NSA SELinux maximum supported policy format version" bool "NSA SELinux maximum supported policy format version"