Make kernel / init enforcing
Start running in enforcing mode for kernel / init. This should be mostly a no-op, as the kernel / init is in the unconfined domain. Change-Id: I8273d936c9a4eecb50b78ae93490a4dd52f59eb6
This commit is contained in:
Nick Kralevich
parent
a771671877
commit
b1d81645b3
2 changed files with 0 additions and 2 deletions
1
init.te
1
init.te
|
|
@ -1,6 +1,5 @@
|
|||
# init switches to init domain (via init.rc).
|
||||
type init, domain;
|
||||
permissive init;
|
||||
# init is unconfined.
|
||||
unconfined_domain(init)
|
||||
tmpfs_domain(init)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
# Life begins with the kernel.
|
||||
type kernel, domain;
|
||||
permissive kernel;
|
||||
# The kernel is unconfined.
|
||||
unconfined_domain(kernel)
|
||||
relabelto_domain(kernel)
|
||||
|
|
|
|||
Loading…
Reference in a new issue