From aeb512d2edda496eb768d4b84a7c7fc2e7d09202 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 11 Jan 2013 14:04:35 -0500
Subject: [PATCH] Disable debugfs access by default.

Change-Id: I8265e34a76913a76eedd2d7a6fe3b14945fde924
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index ab6876062..9336644af 100644
--- a/domain.te
+++ b/domain.te
@@ -102,7 +102,7 @@ r_dir_file(domain, inotify)
 r_dir_file(domain, cgroup)
 
 # debugfs access
-bool debugfs true;
+bool debugfs false;
 if (debugfs) {
 allow domain debugfs:dir r_dir_perms;
 allow domain debugfs:file rw_file_perms;
-- 
GitLab