Support a SELinux overhaul of systemd by adding a policy capability and adding a library method to obtain a current state of a policy capability.

The systemd patch can be found at https://github.com/systemd/systemd/pull/10023 and has NOT yet been accepted.

This is just an RFC to test the water.

Christian Göttsche (3):
  libsepol: add policy capability for systemd overhaul
  libselinux: add security_is_policy_capabilty_enabled()
  libselinux: add policy capability test binary

 libselinux/include/selinux/selinux.h          |  3 +
 .../security_is_policy_capability_enabled.3   | 27 ++++++++
 libselinux/src/polcap.c                       | 64 +++++++++++++++++++
 libselinux/src/selinux_internal.h             |  1 +
 libselinux/src/selinuxswig_python_exception.i |  9 +++
 libselinux/utils/.gitignore                   |  1 +
 libselinux/utils/polcap_enabled.c             | 30 +++++++++
 libsepol/include/sepol/policydb/polcaps.h     |  1 +
 libsepol/src/polcaps.c                        |  1 +
 9 files changed, 137 insertions(+)
 create mode 100644 libselinux/man/man3/security_is_policy_capability_enabled.3
 create mode 100644 libselinux/src/polcap.c
 create mode 100644 libselinux/utils/polcap_enabled.c

--
2.25.0.rc2