only allow reading self files in .subj.common

author: John Turner <jturner.usa@gmail.com> 2025-08-27 22:19:51 -0400
committer: John Turner <jturner.usa@gmail.com> 2025-08-27 22:19:51 -0400
commit: ed15e29a3cf6bb0c219a1347d4fc6a840bfe20a6 (patch)
tree: fd1736f8bcfce77254144983768475f0c4e4e422
parent: 7b20e7b677b71052986961e68c9162ab7d6dbb55 (diff)
download: selinux-policy-ed15e29a3cf6bb0c219a1347d4fc6a840bfe20a6.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/subj/common.cil b/src/subj/common.cil
index 838ea60..3530e9d 100644
--- a/src/subj/common.cil
+++ b/src/subj/common.cil
@@ -30,7 +30,7 @@
         (allow typeattr self list_dir)
         (allow typeattr self read_lnk_file)
         (allow typeattr self readwrite_fifo_file)
-        (allow typeattr self readwrite_file)
+        (allow typeattr self read_file)
 
         ;; procfs
         (call .proc.read_fs_lnk_files (typeattr))
author	John Turner <jturner.usa@gmail.com>	2025-08-27 22:19:51 -0400
committer	John Turner <jturner.usa@gmail.com>	2025-08-27 22:19:51 -0400
commit	ed15e29a3cf6bb0c219a1347d4fc6a840bfe20a6 (patch)
tree	fd1736f8bcfce77254144983768475f0c4e4e422
parent	7b20e7b677b71052986961e68c9162ab7d6dbb55 (diff)
download	selinux-policy-ed15e29a3cf6bb0c219a1347d4fc6a840bfe20a6.tar.gz