* Ondrej Mosnacek: > Kernel 5.12 added support to SELinux for controlling access to the > userfaultfd interface [1][2] and we'd like to implement this in > Fedora's selinux-policy. However, once we add the corresponding class > to the policy, all SELinux domains for which we don't add the > appropriate rules will have any usage of userfaultfd(2) denied. What's special about this system call that this is necessary? Thanks, Florian _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure