1<?xml version="1.0" encoding="UTF-8"?> 2<!DOCTYPE policyconfig PUBLIC 3"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" 4"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> 5<policyconfig> 6 7 <vendor>Red Hat Inc.</vendor> 8 <vendor_url>http://www.redhat.com</vendor_url> 9 10 <action id="org.selinux.restorecon"> 11 <description>SELinux write access</description> 12 <message>System policy prevents restorecon access to SELinux</message> 13 <defaults> 14 <allow_any>no</allow_any> 15 <allow_inactive>no</allow_inactive> 16 <allow_active>auth_admin_keep</allow_active> 17 </defaults> 18 </action> 19 <action id="org.selinux.setenforce"> 20 <description>SELinux write access</description> 21 <message>System policy prevents setenforce access to SELinux</message> 22 <defaults> 23 <allow_any>no</allow_any> 24 <allow_inactive>no</allow_inactive> 25 <allow_active>auth_admin_keep</allow_active> 26 </defaults> 27 </action> 28 <action id="org.selinux.semanage"> 29 <description>SELinux write access</description> 30 <message>System policy prevents semanage access to SELinux</message> 31 <defaults> 32 <allow_any>no</allow_any> 33 <allow_inactive>no</allow_inactive> 34 <allow_active>auth_admin_keep</allow_active> 35 </defaults> 36 </action> 37 <action id="org.selinux.customized"> 38 <description>SELinux Read access</description> 39 <message>System policy prevents read access to SELinux</message> 40 <defaults> 41 <allow_any>no</allow_any> 42 <allow_inactive>no</allow_inactive> 43 <allow_active>auth_admin_keep</allow_active> 44 </defaults> 45 </action> 46 <action id="org.selinux.semodule_list"> 47 <description>SELinux list modules access</description> 48 <message>System policy prevents read access to SELinux modules</message> 49 <defaults> 50 <allow_any>no</allow_any> 51 <allow_inactive>no</allow_inactive> 52 <allow_active>auth_admin_keep</allow_active> 53 </defaults> 54 </action> 55 <action id="org.selinux.relabel_on_boot"> 56 <description>SELinux write access</description> 57 <message>System policy prevents relabel_on_boot access to SELinux</message> 58 <defaults> 59 <allow_any>no</allow_any> 60 <allow_inactive>no</allow_inactive> 61 <allow_active>auth_admin_keep</allow_active> 62 </defaults> 63 </action> 64 <action id="org.selinux.change_default_policy"> 65 <description>SELinux write access</description> 66 <message>System policy prevents change_default_policy access to SELinux</message> 67 <defaults> 68 <allow_any>no</allow_any> 69 <allow_inactive>no</allow_inactive> 70 <allow_active>auth_admin_keep</allow_active> 71 </defaults> 72 </action> 73 <action id="org.selinux.change_default_mode"> 74 <description>Change SELinux default enforcing mode</description> 75 <message>System policy prevents change_default_policy access to SELinux</message> 76 <defaults> 77 <allow_any>no</allow_any> 78 <allow_inactive>no</allow_inactive> 79 <allow_active>auth_admin_keep</allow_active> 80 </defaults> 81 </action> 82</policyconfig> 83