RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-29 08:42:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol: Add 'ioctl_skip_cloexec' policy capability

Browse Source 
If 'ioctl_skip_cloexec' set, kernel will always allow FIOCLEX and FIONCLEX
ioctls.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
This commit is contained in:
Richard Haines 2022-02-25 17:55:49 +00:00 committed by James Carter
parent c79d38ff0c
commit 71bcdcc943
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libsepol/include/sepol/policydb/polcaps.h
View File

@ -14,6 +14,7 @@ enum {
POLICYDB_CAPABILITY_CGROUPSECLABEL, POLICYDB_CAPABILITY_CGROUPSECLABEL,
POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION, POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS, POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS,
POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC,
__POLICYDB_CAPABILITY_MAX __POLICYDB_CAPABILITY_MAX
}; };
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)

1
libsepol/src/polcaps.c
View File

@ -13,6 +13,7 @@ static const char * const polcap_names[] = {
"cgroup_seclabel", /* POLICYDB_CAPABILITY_SECLABEL */ "cgroup_seclabel", /* POLICYDB_CAPABILITY_SECLABEL */
"nnp_nosuid_transition", /* POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION */ "nnp_nosuid_transition", /* POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION */
"genfs_seclabel_symlinks", /* POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS */ "genfs_seclabel_symlinks", /* POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS */
"ioctl_skip_cloexec", /* POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC */
NULL NULL
}; };