SELinux: include definition of new capabilities

The kernel has added CAP_WAKE_ALARM and CAP_EPOLLWAKEUP. We need to define these in SELinux so they can be mediated by policy. Change-Id: I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2 Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> [sds: rename epollwakeup to block_suspend to match upstream merge] Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Yu <davyu@nvidia.com> Reviewed-on: http://git-master/r/368033 Reviewed-by: Harry Hong <hhong@nvidia.com> Tested-by: Harry Hong <hhong@nvidia.com>
author: Eric Paris <eparis@redhat.com> 2013-11-07 22:25:46 +0000
committer: Harry Hong <hhong@nvidia.com> 2014-02-19 00:24:24 -0800
commit: e8150c2f2987f991c63649d5a780dc5e5b98941e (patch)
tree: bdf07175348f1e688bc5d9a39982a4dd46d87870 /security
parent: 6695672df39a52c11b62664f5c9a303d2371ce27 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index b8c53723e09b..df2de54a958d 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -145,7 +145,9 @@ struct security_class_mapping secclass_map[] = {
 	    "node_bind", "name_connect", NULL } },
 	{ "memprotect", { "mmap_zero", NULL } },
 	{ "peer", { "recv", NULL } },
-	{ "capability2", { "mac_override", "mac_admin", "syslog", NULL } },
+	{ "capability2",
+	  { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend",
+	    NULL } },
 	{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
 	{ "tun_socket",
 	  { COMMON_SOCK_PERMS, NULL } },
author	Eric Paris <eparis@redhat.com>	2013-11-07 22:25:46 +0000
committer	Harry Hong <hhong@nvidia.com>	2014-02-19 00:24:24 -0800
commit	e8150c2f2987f991c63649d5a780dc5e5b98941e (patch)
tree	bdf07175348f1e688bc5d9a39982a4dd46d87870 /security
parent	6695672df39a52c11b62664f5c9a303d2371ce27 (diff)