From: Ondrej Mosnacek <omosnace@redhat.com>
To: selinux@vger.kernel.org
Subject: [PATCH userspace 2/2] libsepol: add support for the new "init" initial SID
Date: Mon, 12 Jun 2023 11:31:07 +0200
Message-ID: <20230612093107.1066410-3-omosnace@redhat.com>
In-Reply-To: <20230612093107.1066410-1-omosnace@redhat.com>

Resurrect the naming of the "init" initial SID, as it has been
reintroduced in the kernel. Also add the new "userspace_initial_context"
policy capability that is used to enable the new semantics for this
initial SID.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 libsepol/include/sepol/policydb/polcaps.h | 1 +
 libsepol/src/kernel_to_common.h           | 2 +-
 libsepol/src/polcaps.c                    | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
index f5e32e60..14bcc6cb 100644
--- a/libsepol/include/sepol/policydb/polcaps.h
+++ b/libsepol/include/sepol/policydb/polcaps.h
@@ -15,6 +15,7 @@ enum {
 	POLICYDB_CAP_NNP_NOSUID_TRANSITION,
 	POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS,
 	POLICYDB_CAP_IOCTL_SKIP_CLOEXEC,
+	POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT,
 	__POLICYDB_CAP_MAX
 };
 #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
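Review bot: The new POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT entry takes the next index after POLICYDB_CAP_IOCTL_SKIP_CLOEXEC, and that index has to agree with the kernel's numbering of the capability, but neither this hunk nor the commit message points at the kernel change it mirrors. Please reference the kernel commit or patch series in the commit message so the position can be checked against it.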
diff --git a/libsepol/src/kernel_to_common.h b/libsepol/src/kernel_to_common.h
index 6073ff3a..5d927a3d 100644
--- a/libsepol/src/kernel_to_common.h
+++ b/libsepol/src/kernel_to_common.h
@@ -20,7 +20,7 @@ static const char * const selinux_sid_to_str[] = {
 	NULL,
 	"file",
 	NULL,
-	NULL,
+	"init",
 	"any_socket",
 	"port",
 	"netif",
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
index 687e971c..be12580a 100644
--- a/libsepol/src/polcaps.c
+++ b/libsepol/src/polcaps.c
@@ -14,6 +14,7 @@ static const char * const polcap_names[] = {
 	"nnp_nosuid_transition",	/* POLICYDB_CAP_NNP_NOSUID_TRANSITION */
 	"genfs_seclabel_symlinks",	/* POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS */
 	"ioctl_skip_cloexec",		/* POLICYDB_CAP_IOCTL_SKIP_CLOEXEC */
+	"userspace_initial_context",	/* POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT */
 	NULL
 };
 
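Review bot: polcap_names[] is kept in step with the enum in polcaps.h only through the trailing /* POLICYDB_CAP_... */ comments, and nothing in the visible lines fails the build if one file gains an entry without the other. If the file does not already have one, a compile-time check that the array holds POLICYDB_CAP_MAX + 1 names before the NULL terminator would catch that kind of drift.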
-- 
2.40.1


Thread overview: 5+ messages
2023-06-12  9:31 [PATCH userspace 0/2] Introduce an initial SID for early boot processes Ondrej Mosnacek
2023-06-12  9:31 ` [PATCH userspace 1/2] libsepol: stop translating deprecated intial SIDs to strings Ondrej Mosnacek
2023-06-23 19:10   ` James Carter
2023-06-30  8:32     ` Petr Lautrbach
2023-06-12  9:31 ` Ondrej Mosnacek [this message]
