diff mbox series

libsepol: Add 'ioctl_skip_cloexec' policy capability

Message ID 20220224124131.44094-1-richard_c_haines@btinternet.com (mailing list archive)
State Accepted
Commit 71bcdcc9436f
Headers show
Series libsepol: Add 'ioctl_skip_cloexec' policy capability | expand

Commit Message

Richard Haines Feb. 24, 2022, 12:41 p.m. UTC 
If 'ioctl_skip_cloexec' set, kernel will always allow FIOCLEX and FIONCLEX
ioctls.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 libsepol/include/sepol/policydb/polcaps.h | 1 +
 libsepol/src/polcaps.c                    | 1 +
 2 files changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
index 40669fb5..05326f5a 100644
--- a/libsepol/include/sepol/policydb/polcaps.h
+++ b/libsepol/include/sepol/policydb/polcaps.h
@@ -14,6 +14,7 @@  enum {
 	POLICYDB_CAPABILITY_CGROUPSECLABEL,
 	POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
 	POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS,
+	POLICYDB_CAPABILITY_IOCTL_CLOEXEC,
 	__POLICYDB_CAPABILITY_MAX
 };
 #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
index 6a74ec7d..218df65e 100644
--- a/libsepol/src/polcaps.c
+++ b/libsepol/src/polcaps.c
@@ -13,6 +13,7 @@  static const char * const polcap_names[] = {
 	"cgroup_seclabel",		/* POLICYDB_CAPABILITY_SECLABEL */
 	"nnp_nosuid_transition",	/* POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION */
 	"genfs_seclabel_symlinks",	/* POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS */
+	"ioctl_skip_cloexec",		/* POLICYDB_CAPABILITY_IOCTL_CLOEXEC */
 	NULL
 };