projects
/
GitHub
/
MotorolaMobilityLLC
/
kernel-slsi.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
918227b
)
SELinux: include definition of new capabilities
author
Eric Paris
<eparis@redhat.com>
Fri, 6 Jul 2012 18:13:29 +0000
(14:13 -0400)
committer
James Morris
<james.l.morris@oracle.com>
Mon, 16 Jul 2012 01:40:31 +0000
(11:40 +1000)
The kernel has added CAP_WAKE_ALARM and CAP_EPOLLWAKEUP. We need to
define these in SELinux so they can be mediated by policy.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/selinux/include/classmap.h
patch
|
blob
|
blame
|
history
diff --git
a/security/selinux/include/classmap.h
b/security/selinux/include/classmap.h
index b8c53723e09bfe7d6c211bc05df35793ae9ac8b2..0b04fd9e9e3e95bbc6a664be5b80e2b0407f6b3f 100644
(file)
--- a/
security/selinux/include/classmap.h
+++ b/
security/selinux/include/classmap.h
@@
-145,7
+145,9
@@
struct security_class_mapping secclass_map[] = {
"node_bind", "name_connect", NULL } },
{ "memprotect", { "mmap_zero", NULL } },
{ "peer", { "recv", NULL } },
- { "capability2", { "mac_override", "mac_admin", "syslog", NULL } },
+ { "capability2",
+ { "mac_override", "mac_admin", "syslog", "wake_alarm", "epollwakeup",
+ NULL } },
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
{ "tun_socket",
{ COMMON_SOCK_PERMS, NULL } },