2016-12-28 15:45:11

by guido

Subject: [refpolicy] [PATCH] kernel: never run in unconfined mode

Update the kernel module so that it always runs in confined mode
and never runs in unconfined mode for maximum security.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/kernel/kernel.te | 4 ----
1 file changed, 4 deletions(-)

diff -pru a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
--- a/policy/modules/kernel/kernel.te 2016-12-27 22:41:00.664390360 +0100
+++ b/policy/modules/kernel/kernel.te 2016-12-28 16:37:35.176698945 +0100
@@ -441,10 +441,6 @@ optional_policy(`
seutil_domtrans_setfiles(kernel_t)
')

-optional_policy(`
- unconfined_domain_noaudit(kernel_t)
-')
-
########################################
#
# Unlabeled process local policy
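
Review bot: the commit message should say what the confined kernel_t domain was verified to still do once this block is gone, because removing `unconfined_domain_noaudit(kernel_t)` withdraws both the unconfined access and its noaudit treatment, so any access kernel_t was silently relying on will now be denied and logged. The block sits inside `optional_policy(`...')`, so it only ever took effect on builds that include the unconfined module; those are exactly the systems where a boot test matters, and the message should report that result (or point at the discussion in the other thread) rather than justify the change only with "for maximum security".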


2016-12-28 19:12:42

by Chris PeBenito

Subject: [refpolicy] [PATCH] kernel: never run in unconfined mode

On 12/28/16 10:45, Guido Trentalancia via refpolicy wrote:
> Update the kernel module so that it always runs in confined mode
> and never runs in unconfined mode for maximum security.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/kernel/kernel.te | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff -pru a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
> --- a/policy/modules/kernel/kernel.te 2016-12-27 22:41:00.664390360 +0100
> +++ b/policy/modules/kernel/kernel.te 2016-12-28 16:37:35.176698945 +0100
> @@ -441,10 +441,6 @@ optional_policy(`
> seutil_domtrans_setfiles(kernel_t)
> ')
>
> -optional_policy(`
> - unconfined_domain_noaudit(kernel_t)
> -')
> -

NAK (see other thread)

--
Chris PeBenito