[selinux-policy: 1894/3172] trunk: add capability2 class, from Stephen Smalley.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:48:44 UTC 2010
commit 8b9ffed517a62e3a454543c167c39e53c202e7ee
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Feb 7 17:51:59 2008 +0000
trunk: add capability2 class, from Stephen Smalley.
Changelog | 1 +
policy/flask/access_vectors | 6 ++++++
policy/flask/security_classes | 3 +++
3 files changed, 10 insertions(+), 0 deletions(-)
---
diff --git a/Changelog b/Changelog
index 38bf947..183a98d 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- 64-bit capabilities from Stephen Smalley.
- Labeled networking peer object class updates.
* Fri Dec 14 2007 Chris PeBenito <selinux at tresys.com> - 20071214
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 45d9773..736b7b5 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -347,6 +347,7 @@ class system
class capability
{
# The capabilities are defined in include/linux/capability.h
+ # Capabilities >= 32 are defined in the capability2 class.
# Care should be taken to ensure that these are consistent with
# those definitions. (Order matters)
@@ -384,6 +385,11 @@ class capability
setfcap
}
+class capability2
+{
+ mac_override # unused by SELinux
+ mac_admin # unused by SELinux
+}
#
# Define the access vector interpretation for controlling
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 121fcbc..68c4374 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -109,4 +109,7 @@ class db_blob # userspace
# network peer labels
class peer
+# Capabilities >= 32
+class capability2
+
# FLASK
More information about the scm-commits
mailing list