Message ID | 20240822003757.1998016-3-tweek@google.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 9c7c6e15a2c6 |
Delegated to: | Petr Lautrbach |
Series | [1/3] libsepol: Rename ioctl xperms structures and functions |
On Wed, Aug 21, 2024 at 8:39 PM Thiébaud Weksteen <tweek@google.com> wrote: > > This capability can be enabled to change the kernel's behaviour and use > the extended permissions for netlink messages. > > Signed-off-by: Thiébaud Weksteen <tweek@google.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> > --- > libsepol/include/sepol/policydb/polcaps.h | 1 + > libsepol/src/polcaps.c | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h > index 14bcc6cb..1aa9b30a 100644 > --- a/libsepol/include/sepol/policydb/polcaps.h > +++ b/libsepol/include/sepol/policydb/polcaps.h > @@ -16,6 +16,7 @@ enum { > POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS, > POLICYDB_CAP_IOCTL_SKIP_CLOEXEC, > POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT, > + POLICYDB_CAP_NETLINK_XPERM, > __POLICYDB_CAP_MAX > }; > #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1) > diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c > index 8289443a..6b28c84e 100644 > --- a/libsepol/src/polcaps.c > +++ b/libsepol/src/polcaps.c > @@ -15,6 +15,7 @@ static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = { > [POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS] = "genfs_seclabel_symlinks", > [POLICYDB_CAP_IOCTL_SKIP_CLOEXEC] = "ioctl_skip_cloexec", > [POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT] = "userspace_initial_context", > + [POLICYDB_CAP_NETLINK_XPERM] = "netlink_xperm", > }; > > int sepol_polcap_getnum(const char *name) > -- > 2.46.0.184.g6999bdac58-goog >
diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h index 14bcc6cb..1aa9b30a 100644 --- a/libsepol/include/sepol/policydb/polcaps.h +++ b/libsepol/include/sepol/policydb/polcaps.h @@ -16,6 +16,7 @@ enum { POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS, POLICYDB_CAP_IOCTL_SKIP_CLOEXEC, POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT, + POLICYDB_CAP_NETLINK_XPERM, __POLICYDB_CAP_MAX }; #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1) diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c index 8289443a..6b28c84e 100644 --- a/libsepol/src/polcaps.c +++ b/libsepol/src/polcaps.c @@ -15,6 +15,7 @@ static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = { [POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS] = "genfs_seclabel_symlinks", [POLICYDB_CAP_IOCTL_SKIP_CLOEXEC] = "ioctl_skip_cloexec", [POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT] = "userspace_initial_context", + [POLICYDB_CAP_NETLINK_XPERM] = "netlink_xperm", }; int sepol_polcap_getnum(const char *name)
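Review bot: In the polcaps.h hunk, POLICYDB_CAP_NETLINK_XPERM takes its numeric value purely from its position before __POLICYDB_CAP_MAX, and neither the patch nor the commit message records which kernel-side capability it has to line up with. Since the commit message says the capability changes the kernel's behaviour, reference the corresponding kernel change in the commit message or in a comment next to the enumerator, so that a later insertion above it or a reordering is caught in review.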
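Review bot: In the polcaps.c hunk, "netlink_xperm" becomes the name policy authors will write, but the patch documents its effect only as "use the extended permissions for netlink messages"; a sentence stating which checks differ once it is enabled would make the capability safer to adopt. Separately, polcap_names is sized POLICYDB_CAP_MAX + 1 and filled with designated initializers, so an enumerator added without a matching entry leaves a NULL slot; a test that every index up to POLICYDB_CAP_MAX has a name that sepol_polcap_getnum() maps back to the same index would guard against that.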
This capability can be enabled to change the kernel's behaviour and use the extended permissions for netlink messages.

Signed-off-by: Thiébaud Weksteen <tweek@google.com>
---
 libsepol/include/sepol/policydb/polcaps.h | 1 +
 libsepol/src/polcaps.c | 1 +
 2 files changed, 2 insertions(+)