selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default
Change the SELinux checkreqprot default value to 0 so that SELinux performs access control checking on the actual memory protections used by the kernel and not those requested by the application.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Parent: 09302fd19e
Commit: 2a35d196c1
|
@ -78,7 +78,7 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
|
|||
int "NSA SELinux checkreqprot default value"
|
||||
depends on SECURITY_SELINUX
|
||||
range 0 1
|
||||
default 1
|
||||
default 0
|
||||
help
|
||||
This option sets the default value for the 'checkreqprot' flag
|
||||
that determines whether SELinux checks the protection requested
|
||||
|
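Review bot: Flipping `default 1` to `default 0` changes behaviour for every build that does not set SECURITY_SELINUX_CHECKREQPROT_VALUE explicitly, and the commit message does not say what that means for existing policy. With 0 the check runs against the protection the kernel actually applies, so a policy written against the requested protection can start denying mappings it used to allow. Please add a sentence to the commit message on the expected compatibility impact and on how the change was tested against a current policy.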
@ -92,7 +92,7 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
|
|||
'checkreqprot=' boot parameter. It may also be changed at runtime
|
||||
via /selinux/checkreqprot if authorized by policy.
|
||||
|
||||
If you are unsure how to answer this question, answer 1.
|
||||
If you are unsure how to answer this question, answer 0.
|
||||
|
||||
config SECURITY_SELINUX_POLICYDB_VERSION_MAX
|
||||
bool "NSA SELinux maximum supported policy format version"
|
||||
|
|
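Review bot: The new "answer 0" recommendation at the end of the help text gives no hint on how to get the previous behaviour back. The context lines already mention the `checkreqprot=` boot parameter and the runtime file, so consider stating there that `checkreqprot=1` restores checking of the requested protection for systems whose policy depends on it. While this text is being touched, it is also worth confirming that the `/selinux/checkreqprot` path in the context line still matches where selinuxfs is mounted on the systems this help is aimed at.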