Update libsepol with the new policy capability needed to classify
sockets in the AF_ALG namespace (Crypto API).
Signed-off-by: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
---
include/sepol/policydb/polcaps.h | 1 +
src/polcaps.c | 1 +
2 files changed, 2 insertions(+)
diff -pru libsepol-git-23082016/include/sepol/policydb/polcaps.h libsepol-git-23082016-alg_socket/include/sepol/policydb/polcaps.h
--- libsepol-git-23082016/include/sepol/policydb/polcaps.h 2016-08-23 17:08:58.690837319 +0200
+++ libsepol-git-23082016-alg_socket/include/sepol/policydb/polcaps.h 2016-08-23 17:13:52.794644956 +0200
@@ -11,6 +11,7 @@ enum {
POLICYDB_CAPABILITY_OPENPERM,
POLICYDB_CAPABILITY_REDHAT1, /* reserved for RH testing of ptrace_child */
POLICYDB_CAPABILITY_ALWAYSNETWORK,
+ POLICYDB_CAPABILITY_ALGSOCKET, /* Crypto API socket namespace */
__POLICYDB_CAPABILITY_MAX
};
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
diff -pru libsepol-git-23082016/src/polcaps.c libsepol-git-23082016-alg_socket/src/polcaps.c
--- libsepol-git-23082016/src/polcaps.c 2016-08-23 17:08:58.696837395 +0200
+++ libsepol-git-23082016-alg_socket/src/polcaps.c 2016-08-23 17:11:49.145026939 +0200
@@ -10,6 +10,7 @@ static const char *polcap_names[] = {
"open_perms", /* POLICYDB_CAPABILITY_OPENPERM */
"redhat1", /* POLICYDB_CAPABILITY_REDHAT1, aka ptrace_child */
"always_check_network", /* POLICYDB_CAPABILITY_ALWAYSNETWORK */
+ "alg_socket", /* POLICYDB_CAPABILITY_ALGSOCKET (Crypto API socket namespace) */
NULL
};
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
