* [PATCH] libsepol: Add 'ioctl_skip_cloexec' policy capability
@ 2022-02-24 12:41 Richard Haines
From: Richard Haines @ 2022-02-24 12:41 UTC (permalink / raw)
To: selinux; +Cc: paul, demiobenour, Richard Haines
If 'ioctl_skip_cloexec' is set, the kernel will always allow FIOCLEX and FIONCLEX
ioctls.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
libsepol/include/sepol/policydb/polcaps.h | 1 +
libsepol/src/polcaps.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
index 40669fb5..05326f5a 100644
--- a/libsepol/include/sepol/policydb/polcaps.h
+++ b/libsepol/include/sepol/policydb/polcaps.h
@@ -14,6 +14,7 @@ enum {
POLICYDB_CAPABILITY_CGROUPSECLABEL,
POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS,
+ POLICYDB_CAPABILITY_IOCTL_CLOEXEC,
__POLICYDB_CAPABILITY_MAX
};
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
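Review bot: The new enumerator POLICYDB_CAPABILITY_IOCTL_CLOEXEC drops the "skip" that the capability name 'ioctl_skip_cloexec' carries, so the constant reads as if it enabled a cloexec check rather than bypassed one. The neighbouring entries mirror their policy names (NNP_NOSUID_TRANSITION, GENFS_SECLABEL_SYMLINKS), so POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC would be consistent and harder to misread. The placement directly before __POLICYDB_CAPABILITY_MAX is right, since POLICYDB_CAPABILITY_MAX is derived from it.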
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
index 6a74ec7d..218df65e 100644
--- a/libsepol/src/polcaps.c
+++ b/libsepol/src/polcaps.c
@@ -13,6 +13,7 @@ static const char * const polcap_names[] = {
"cgroup_seclabel", /* POLICYDB_CAPABILITY_SECLABEL */
"nnp_nosuid_transition", /* POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION */
"genfs_seclabel_symlinks", /* POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS */
+ "ioctl_skip_cloexec", /* POLICYDB_CAPABILITY_IOCTL_CLOEXEC */
NULL
};
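Review bot: The string "ioctl_skip_cloexec" becomes a name that policy authors will write, yet the diffstat shows only polcaps.h and polcaps.c changed and the commit message is a single sentence. Please say in the commit message which permission check is skipped for FIOCLEX and FIONCLEX when the capability is set, what happens when it is not set, and add a documentation or test update for the new name. The trailing comment on the added line should also follow the enumerator if it is renamed; the comment on the "cgroup_seclabel" context line already names POLICYDB_CAPABILITY_SECLABEL while the enum in polcaps.h has POLICYDB_CAPABILITY_CGROUPSECLABEL, which shows how these comments drift.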
--
2.35.1