<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> <policyconfig> <vendor>Red Hat Inc.</vendor> <vendor_url>http://www.redhat.com</vendor_url> <action id="org.selinux.restorecon"> <description>SELinux write access</description> <message>System policy prevents restorecon access to SELinux</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> <action id="org.selinux.setenforce"> <description>SELinux write access</description> <message>System policy prevents setenforce access to SELinux</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> <action id="org.selinux.semanage"> <description>SELinux write access</description> <message>System policy prevents semanage access to SELinux</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> <action id="org.selinux.customized"> <description>SELinux Read access</description> <message>System policy prevents read access to SELinux</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> <action id="org.selinux.semodule_list"> <description>SELinux list modules access</description> <message>System policy prevents read access to SELinux modules</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> <action id="org.selinux.relabel_on_boot"> <description>SELinux write access</description> <message>System policy prevents relabel_on_boot access to SELinux</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> <action id="org.selinux.change_default_policy"> <description>SELinux write access</description> <message>System policy prevents change_default_policy access to SELinux</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> <action id="org.selinux.change_policy_type"> <description>SELinux write access</description> <message>System policy prevents change_policy_type access to SELinux</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> </policyconfig>