libsepol: Add 'ioctl_skip_cloexec' policy capability
If 'ioctl_skip_cloexec' is set, the kernel will always allow the FIOCLEX and FIONCLEX ioctls. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
parent
c79d38ff0c
commit
71bcdcc943
@ -14,6 +14,7 @@ enum {
|
||||
POLICYDB_CAPABILITY_CGROUPSECLABEL,
|
||||
POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
|
||||
POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS,
|
||||
POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC,
|
||||
__POLICYDB_CAPABILITY_MAX
|
||||
};
|
||||
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
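Review bot: The new enumerator `POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC` takes its value implicitly from its position, and nothing at the insertion point says what that value has to agree with. Policy capabilities are presumably recorded by index and interpreted by the kernel, so the position should be confirmed against the kernel's own capability numbering; an entry added out of step would switch on a different capability than the one the policy author named. Since the commit message says this capability makes the kernel always allow FIOCLEX and FIONCLEX, a comment on the new line is worth adding, for example `/* index must match the kernel's policy capability numbering; when set, FIOCLEX/FIONCLEX are always allowed */`. The enum opens outside the hunk, so the earlier entries were not reviewed.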
|
||||
|
@ -13,6 +13,7 @@ static const char * const polcap_names[] = {
|
||||
"cgroup_seclabel", /* POLICYDB_CAPABILITY_SECLABEL */
|
||||
"nnp_nosuid_transition", /* POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION */
|
||||
"genfs_seclabel_symlinks", /* POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS */
|
||||
"ioctl_skip_cloexec", /* POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC */
|
||||
NULL
|
||||
};
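Review bot: The `"ioctl_skip_cloexec"` entry is tied to `POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC` only by its position in `polcap_names[]` and a trailing comment, so a later insertion in either file can silently shift the name-to-capability mapping. The context line for `"cgroup_seclabel"` already carries a comment (`POLICYDB_CAPABILITY_SECLABEL`) that does not match the enumerator `POLICYDB_CAPABILITY_CGROUPSECLABEL` shown in the other file section, which suggests these comments are not checked by anything. A designated initializer would let the compiler bind name and index: `[POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC] = "ioctl_skip_cloexec",`. The array starts outside the hunk, so converting the earlier entries the same way is a suggestion rather than something verified here.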
|
||||
|
||||
|