Message ID | 20200721195726.1975554-1-dominick.grift@defensec.nl (mailing list archive) |
---|---|
State | Accepted |
Series | [SELinux-notebook,v2] lsm_selinux: document genfs_seclabel_symlinks policy capability |
On Tue, Jul 21, 2020 at 3:58 PM Dominick Grift <dominick.grift@defensec.nl> wrote:
>
> This was added with Linux 5.7 and SELinux 3.1
>
> Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>

On Tue, Jul 21, 2020 at 3:57 PM Dominick Grift <dominick.grift@defensec.nl> wrote: > > This was added with Linux 5.7 and SELinux 3.1 > > Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> > --- > v2: copied and pasted feedback from Stephen Smalley > > src/lsm_selinux.md | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/src/lsm_selinux.md b/src/lsm_selinux.md > index a400c36..f762614 100644 > --- a/src/lsm_selinux.md > +++ b/src/lsm_selinux.md > @@ -676,6 +676,11 @@ interface, it is not recommended - use the **libselinux** or **libsepol** librar > <td>Enables the use of separate socket security classes for all network address families rather than the generic socket class.</td> > </tr> > <tr> > +<td>genfs_seclabel_symlinks</td> > +<td>-r--r--r--</td> > +<td>Enables fine-grained labeling of symlinks in pseudo filesystems based on genfscon rules.</td> > +</tr> > +<tr> > <td>network_peer_controls</td> > <td>-r--r--r--</td> > <td><p>If true the following network_peer_controls are enabled:</p> > -- > 2.27.0 Merged into main, thanks!
diff --git a/src/lsm_selinux.md b/src/lsm_selinux.md index a400c36..f762614 100644 --- a/src/lsm_selinux.md +++ b/src/lsm_selinux.md @@ -676,6 +676,11 @@ interface, it is not recommended - use the **libselinux** or **libsepol** librar <td>Enables the use of separate socket security classes for all network address families rather than the generic socket class.</td> </tr> <tr> +<td>genfs_seclabel_symlinks</td> +<td>-r--r--r--</td> +<td>Enables fine-grained labeling of symlinks in pseudo filesystems based on genfscon rules.</td> +</tr> +<tr> <td>network_peer_controls</td> <td>-r--r--r--</td> <td><p>If true the following network_peer_controls are enabled:</p>
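
Review bot: The description cell of the new genfs_seclabel_symlinks row does not carry the version requirement given in the commit message (Linux 5.7 and SELinux 3.1), so a reader of the table cannot tell that the entry is absent on older kernels. Consider adding it to the cell, for example "(Linux 5.7 and later)". The cell also states only what enabling the capability does; a short clause on how symlinks in pseudo filesystems are labeled when the policy does not declare it would make "fine-grained" concrete.
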
This was added with Linux 5.7 and SELinux 3.1

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
v2: copied and pasted feedback from Stephen Smalley

 src/lsm_selinux.md | 5 +++++
 1 file changed, 5 insertions(+)