libsepol: Add policy capability netlink_xperm

This capability can be enabled to change the kernel's behaviour and use
the extended permissions for netlink messages.

Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Thiébaud Weksteen 2024-08-22 10:37:57 +10:00 committed by James Carter
parent ba7945a250
commit 9c7c6e15a2
2 changed files with 2 additions and 0 deletions


@ -16,6 +16,7 @@ enum {
POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS,
POLICYDB_CAP_IOCTL_SKIP_CLOEXEC,
POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT,
POLICYDB_CAP_NETLINK_XPERM,
__POLICYDB_CAP_MAX
};
#define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
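Review bot: The numeric value of POLICYDB_CAP_NETLINK_XPERM is fixed by its position just before __POLICYDB_CAP_MAX, and that value is what gets written into the binary policy and what the kernel compares against its own capability enumeration, so the ordering of this enum is effectively an ABI that may only be appended to; nothing in the hunk says so. A comment above the enumerators such as `/* Order is ABI: values are stored in the policy file and must match the kernel's policy capability enumeration; append new entries only. */` would make that explicit for the next contributor. The matching name string is added to polcap_names in the second file of this commit, and the two must stay in step.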


@ -15,6 +15,7 @@ static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
[POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS] = "genfs_seclabel_symlinks",
[POLICYDB_CAP_IOCTL_SKIP_CLOEXEC] = "ioctl_skip_cloexec",
[POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT] = "userspace_initial_context",
[POLICYDB_CAP_NETLINK_XPERM] = "netlink_xperm",
};
int sepol_polcap_getnum(const char *name)
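Review bot: polcap_names is sized POLICYDB_CAP_MAX + 1 from the enum, so a capability added to the enum but not to this table silently leaves a NULL slot rather than failing to compile, and any lookup that walks the table comparing names would dereference it; this commit keeps both in step, but nothing enforces the pairing. A comment on the table, `/* One entry per POLICYDB_CAP_* value; a missing entry is a NULL slot, not a compile error. */`, would point the next contributor at the coupling. sepol_polcap_getnum starts on the last line of the hunk and its body is outside it, so whether it guards against NULL entries cannot be confirmed from here.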