Skip to content
Snippets Groups Projects
Commit cdae7deb authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Drop unused rules for raw I/O, mknod, and block device access. 


We added these rules to the kernel domain when we removed them
from unconfined to ensure that we did not break anything.  But
we have seen no uses of these rules and this matches our expectation
that any actual operations that require these permissions occurs
after switching to the init domain.

Change-Id: I6f3556a26b0f6f4e6effcb874bfc9498e7dfaa47
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent f78fb4e0
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 7 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment