From 46de44f7d1c64773f63c3e38b7caa3c38fb462de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 14 Feb 2020 19:59:12 +0100
Subject: [PATCH] Add genfs_seclabel_symlinks policy capability

---
 policy/policy_capabilities | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/policy/policy_capabilities b/policy/policy_capabilities
index 206cdda9b..d59c2acc6 100644
--- a/policy/policy_capabilities
+++ b/policy/policy_capabilities
@@ -98,3 +98,11 @@ policycap cgroup_seclabel;
 # process2: nnp_transition, nosuid_transition
 #
 policycap nnp_nosuid_transition;
+
+# Enable extended genfscon labeling for symlinks.
+# Requires libsepol 3.1 (estimated) and kernel 5.6 (estimated).
+#
+# Added checks:
+# (none)
+#
+#policycap genfs_seclabel_symlinks;