* Ondrej Mosnacek:
Kernel 5.12 added support to SELinux for controlling access to the
userfaultfd interface [1][2] and we'd like to implement this in
Fedora's selinux-policy. However, once we add the corresponding class
to the policy, all SELinux domains for which we don't add the
appropriate rules will have any usage of userfaultfd(2) denied.
What's special about this system call that this is necessary?
Thanks,
Florian