From c51b772d2f49f13c19c87d2ad0cf9f3bdf87e05d Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sat, 5 Aug 2017 12:15:02 -0400 Subject: [PATCH] Add cgroup_seclabel policycap. --- policy/policy_capabilities | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/policy/policy_capabilities b/policy/policy_capabilities index 4f2a97afb..a6987a44d 100644 --- a/policy/policy_capabilities +++ b/policy/policy_capabilities @@ -84,6 +84,13 @@ policycap open_perms; # policycap extended_socket_class; +# Enable fine-grained labeling of cgroup and cgroup2 filesystems. +# Requires Linux v4.11 and later. +# +# Added checks: +# (none) +#policycap cgroup_seclabel; + # Enable NoNewPrivileges support. Requires libsepol 2.7+ # and kernel 4.14 (estimated). #