policy_capabilities: add ioctl_skip_cloexec

Add new future policy capability ioctl_skip_cloexec.

Drop estimate comments from genfs_seclabel_symlinks.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Christian Göttsche 2022-03-22 17:55:16 +01:00
parent 9193208a43
commit 9aeabd2a3e
1 changed files with 9 additions and 1 deletions

@ -100,9 +100,17 @@ policycap cgroup_seclabel;
policycap nnp_nosuid_transition;
# Enable extended genfscon labeling for symlinks.
# Requires libsepol 3.1 (estimated) and kernel 5.7 (estimated).
# Requires libsepol 3.1 and kernel 5.7.
#
# Added checks:
# (none)
#
#policycap genfs_seclabel_symlinks;
# Always allow FIOCLEX and FIONCLEX ioctl.
# Requires libsepol 3.4 (estimated) and kernel 5.18 (estimated).
#
# Removed checks:
# common file/socket: ioctl { 0x5450 0x5451 }
#
#policycap ioctl_skip_cloexec;
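
Review bot: The "Removed checks" line in the new ioctl_skip_cloexec block gives only the raw values 0x5450 and 0x5451, while the description above it names FIOCLEX and FIONCLEX. State which value is which constant, so a policy author can match existing ioctl rules to the two commands that stop being checked on file and socket classes. The new block's version line also carries "(estimated)" for libsepol 3.4 and kernel 5.18, the same markers this commit drops from genfs_seclabel_symlinks, so it will need the same follow-up once those versions are confirmed.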