d99e6d5fa1
Also make su and shell permissive in non-user builds to allow use of setenforce without violating the neverallow rule. Change-Id: Ie76ee04e90d5a76dfaa5f56e9e3eb7e283328a3f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
9 lines
196 B
Text
9 lines
196 B
Text
type su, domain;
|
|
type su_exec, exec_type, file_type;
|
|
domain_auto_trans(shell, su_exec, su)
|
|
|
|
# su is unconfined.
|
|
unconfined_domain(su)
|
|
|
|
# su is also permissive to permit setenforce.
|
|
permissive su;
|