From ed15e29a3cf6bb0c219a1347d4fc6a840bfe20a6 Mon Sep 17 00:00:00 2001
From: John Turner <jturner.usa@gmail.com>
Date: Wed, 27 Aug 2025 22:19:51 -0400
Subject: only allow reading self files in .subj.common

---
 src/subj/common.cil | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/subj/common.cil')

diff --git a/src/subj/common.cil b/src/subj/common.cil
index 838ea60..3530e9d 100644
--- a/src/subj/common.cil
+++ b/src/subj/common.cil
@@ -30,7 +30,7 @@
         (allow typeattr self list_dir)
         (allow typeattr self read_lnk_file)
         (allow typeattr self readwrite_fifo_file)
-        (allow typeattr self readwrite_file)
+        (allow typeattr self read_file)
 
         ;; procfs
         (call .proc.read_fs_lnk_files (typeattr))
-- 
cgit v1.2.3