* [RFC PATCH] libsepol: Add 'key_perms' policy capability
@ 2020-02-02 19:36 Richard Haines
2020-02-03 15:36 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Richard Haines @ 2020-02-02 19:36 UTC (permalink / raw)
To: selinux; +Cc: dhowells, Richard Haines
Allow the new key class permissions 'inval, revoke, join and clear' to be
handled.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
libsepol/include/sepol/policydb/polcaps.h | 1 +
libsepol/src/polcaps.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
index dc9356a6..de0c67b6 100644
--- a/libsepol/include/sepol/policydb/polcaps.h
+++ b/libsepol/include/sepol/policydb/polcaps.h
@@ -13,6 +13,7 @@ enum {
POLICYDB_CAPABILITY_ALWAYSNETWORK,
POLICYDB_CAPABILITY_CGROUPSECLABEL,
POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
+ POLICYDB_CAPABILITY_KEYPERMS,
__POLICYDB_CAPABILITY_MAX
};
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
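Review bot: POLICYDB_CAPABILITY_KEYPERMS gets its number purely from its position in this enum (the slot after POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION), and neither the hunk nor the commit message says which kernel-side policy capability bit it is meant to match. Please state the intended bit and the corresponding kernel change in the commit message, and add a short comment on the new enumerator saying that it covers the key class permissions 'inval, revoke, join and clear', so that a later rebase which shifts its position is easy to check.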
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
index b9dc3526..48213c54 100644
--- a/libsepol/src/polcaps.c
+++ b/libsepol/src/polcaps.c
@@ -12,6 +12,7 @@ static const char *polcap_names[] = {
"always_check_network", /* POLICYDB_CAPABILITY_ALWAYSNETWORK */
"cgroup_seclabel", /* POLICYDB_CAPABILITY_SECLABEL */
"nnp_nosuid_transition", /* POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION */
+ "key_perms", /* POLICYDB_CAPABILITY_KEYPERMS */
NULL
};
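Review bot: the "key_perms" string is tied to POLICYDB_CAPABILITY_KEYPERMS only by its position in polcap_names, and nothing visible in this hunk checks that the array and the enum in polcaps.h stay the same length. Consider a compile-time check that the number of names (excluding the NULL terminator) equals POLICYDB_CAPABILITY_MAX + 1. While here, the context line for "cgroup_seclabel" carries the comment POLICYDB_CAPABILITY_SECLABEL, whereas the enum in the first hunk names it POLICYDB_CAPABILITY_CGROUPSECLABEL; the comment could be corrected in the same series.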
--
2.24.1
* Re: [RFC PATCH] libsepol: Add 'key_perms' policy capability
2020-02-02 19:36 [RFC PATCH] libsepol: Add 'key_perms' policy capability Richard Haines
@ 2020-02-03 15:36 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2020-02-03 15:36 UTC (permalink / raw)
To: Richard Haines, selinux; +Cc: dhowells
On 2/2/20 2:36 PM, Richard Haines wrote:
> Allow the new key class permissions 'inval, revoke, join and clear' to be
> handled.
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Since the 'genfs_seclabel_symlinks' policy capability has already been
queued for merge [1][2], I think this one will have to be bumped to the
next policy capability bit after it.
[1]
https://lore.kernel.org/selinux/20200124184221.322248-1-cgzones@googlemail.com/
[2]
https://lore.kernel.org/selinux/20200131183900.3507-1-cgzones@googlemail.com/
> ---
> libsepol/include/sepol/policydb/polcaps.h | 1 +
> libsepol/src/polcaps.c | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
> index dc9356a6..de0c67b6 100644
> --- a/libsepol/include/sepol/policydb/polcaps.h
> +++ b/libsepol/include/sepol/policydb/polcaps.h
> @@ -13,6 +13,7 @@ enum {
> POLICYDB_CAPABILITY_ALWAYSNETWORK,
> POLICYDB_CAPABILITY_CGROUPSECLABEL,
> POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
> + POLICYDB_CAPABILITY_KEYPERMS,
> __POLICYDB_CAPABILITY_MAX
> };
> #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
> diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
> index b9dc3526..48213c54 100644
> --- a/libsepol/src/polcaps.c
> +++ b/libsepol/src/polcaps.c
> @@ -12,6 +12,7 @@ static const char *polcap_names[] = {
> "always_check_network", /* POLICYDB_CAPABILITY_ALWAYSNETWORK */
> "cgroup_seclabel", /* POLICYDB_CAPABILITY_SECLABEL */
> "nnp_nosuid_transition", /* POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION */
> + "key_perms", /* POLICYDB_CAPABILITY_KEYPERMS */
> NULL
> };
>
>