diff options
author | Eric Paris <eparis@redhat.com> | 2013-11-07 22:25:46 +0000 |
---|---|---|
committer | Harry Hong <hhong@nvidia.com> | 2014-02-19 00:24:24 -0800 |
commit | e8150c2f2987f991c63649d5a780dc5e5b98941e (patch) | |
tree | bdf07175348f1e688bc5d9a39982a4dd46d87870 /security | |
parent | 6695672df39a52c11b62664f5c9a303d2371ce27 (diff) |
SELinux: include definition of new capabilities
The kernel has added CAP_WAKE_ALARM and CAP_EPOLLWAKEUP. We need to
define these in SELinux so they can be mediated by policy.
Change-Id: I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
[sds: rename epollwakeup to block_suspend to match upstream merge]
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Yu <davyu@nvidia.com>
Reviewed-on: http://git-master/r/368033
Reviewed-by: Harry Hong <hhong@nvidia.com>
Tested-by: Harry Hong <hhong@nvidia.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/include/classmap.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index b8c53723e09b..df2de54a958d 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -145,7 +145,9 @@ struct security_class_mapping secclass_map[] = { "node_bind", "name_connect", NULL } }, { "memprotect", { "mmap_zero", NULL } }, { "peer", { "recv", NULL } }, - { "capability2", { "mac_override", "mac_admin", "syslog", NULL } }, + { "capability2", + { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend", + NULL } }, { "kernel_service", { "use_as_override", "create_files_as", NULL } }, { "tun_socket", { COMMON_SOCK_PERMS, NULL } }, |