Do not change ownership of /sys/fs/selinux/load to system UID.
Policy reload is handled by setting the selinux.reload_policy property and letting the init process perform the actual loading of policy into the kernel. Thus, there should be no need for the system UID to directly write to /sys/fs/selinux/load. Change-Id: I240c5bb2deaee757a2e1e396e14dea9e5d9286f5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley
parent
a208ea6301
commit
cc13e8ab87
1 changed files with 0 additions and 1 deletions
|
|
@ -339,7 +339,6 @@ on boot
|
|||
chown root radio /proc/cmdline
|
||||
|
||||
# Set these so we can remotely update SELinux policy
|
||||
chown system system /sys/fs/selinux/load
|
||||
chown system system /sys/fs/selinux/enforce
|
||||
|
||||
# Define TCP buffer sizes for various networks
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue