Exclude audit-related capabilities from unconfined domains. (e8c9fdac) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit e8c9fdac authored 11 years ago by Stephen Smalley

Exclude audit-related capabilities from unconfined domains.


Require them to be explicitly granted by specific allow rules.
audit_write is required to write an audit message from userspace.
audit_control is required to configure the audit subsystem.

Change-Id: I5aa4e3228f9b0bde3570689fe7a0d68e56861a17
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

parent 888d283c

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 1 addition and 1 deletion

Please register or to comment