Re: [PATCH] selinux: Add netlink xperm support

On Wed, Aug 21, 2024 at 8:56 PM Thiébaud Weksteen <tweek@xxxxxxxxxx> wrote:
>
> On Wed, Aug 21, 2024 at 5:54 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >
> > On Tue, Aug 20, 2024 at 2:02 PM Stephen Smalley
> > <stephen.smalley.work@xxxxxxxxx> wrote:
> >
> > Thank you for reviving this patch.
> > Do you have a corresponding userspace patch? And for extra credit, a
> > selinux-testsuite patch?
> >
>
> Thank you for the quick response and initial feedback. I've just sent
> the libsepol patches for userland on this mailing list.
> For selinux-testsuite, an issue I came across while testing is that
> the policy capabilities cannot be updated (that is, only the
> capabilities from the original host policy are active). I am not sure
> if I got that right or if there is any obvious solution (except
> toggling on the new capability in Fedora).
> I'm still hoping to get the extra credits by: updating the selinux
> notebook documentation as well as updating setools (for sesearch
> support). :) I will send pull requests if these patches get accepted.

With your userspace patches, can't you just do this:
$ cat netlink_xperm.cil
(policycap netlink_xperm)
$ sudo semodule -i netlink_xperm.cil

If so, then you can add that along with corresponding allowxperm rules
to the test policy to exercise this.




