Enable expand-check in semanage.conf

libsepol was fixed before release 2.4 and expand-check=1 doesn't make a big time penalty. On the other hand, it's helpful to make it enabled by default. Resolves: rhbz#1319652
2016-03-21 11:15:41 +01:00 · 2016-03-21 11:15:41 +01:00 · e2707be9e1
parent ef444a88f3
commit e2707be9e1
1 changed files with 4 additions and 3 deletions
--- a/semanage.conf
+++ b/semanage.conf
@ -36,9 +36,10 @@ module-store = direct
 # version is necessary.
 #policy-version = 19

-# expand-check check neverallow rules when executing all semanage commands.
-# Large penalty in time if you turn this on.  
-expand-check=0
+# expand-check check neverallow rules when executing all semanage
+# commands. There might be a penalty in execution time if this
+# option is enabled.
+expand-check = 1

 # usepasswd check tells semanage to scan all pass word records for home directories
 # and setup the labeling correctly.  If this is turned off, SELinux will label /home