
Commit 2a35d196 authored by Paul Moore

selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default



Change the SELinux checkreqprot default value to 0 so that SELinux
performs access control checking on the actual memory protections
used by the kernel and not those requested by the application.

Signed-off-by: Paul Moore <pmoore@redhat.com>
parent 09302fd1
+2 −2
@@ -78,7 +78,7 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
	int "NSA SELinux checkreqprot default value"
	depends on SECURITY_SELINUX
	range 0 1
	default 1
	default 0
	help
	  This option sets the default value for the 'checkreqprot' flag
	  that determines whether SELinux checks the protection requested
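Review bot: The switch from `default 1` to `default 0` changes enforcement for every freshly generated config, but neither the commit message nor the visible help text says what can start failing. With 0, mmap/mprotect checks apply to the protections the kernel will actually set, which can include execute permission implied for read-implies-exec binaries, so policy written and tested under 1 may produce new denials. Suggest one sentence in the commit message on that compatibility impact and a pointer to the `checkreqprot=` boot parameter as the way to restore the old behaviour while policy is adjusted.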
@@ -92,7 +92,7 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
	  'checkreqprot=' boot parameter.  It may also be changed at runtime
	  via /selinux/checkreqprot if authorized by policy.

	  If you are unsure how to answer this question, answer 1.
	  If you are unsure how to answer this question, answer 0.

config SECURITY_SELINUX_POLICYDB_VERSION_MAX
	bool "NSA SELinux maximum supported policy format version"
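Review bot: The context line just above the changed "If you are unsure" sentence still points readers at `/selinux/checkreqprot`, while selinuxfs is normally mounted at /sys/fs/selinux on current kernels. Since this hunk already edits the same help paragraph, consider updating the path here or in a follow-up so the runtime override described next to the new default is reachable as written. The `answer 0` guidance itself matches the new `default 0`.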