On Mar 2, 2025 Christian Göttsche <cgoettsche@xxxxxxxxxxxxx> wrote:
>
> Add support for wildcard matching of network interface names. This is
> useful for auto-generated interfaces, for example podman creates network
> interfaces for containers with the naming scheme podman0, podman1,
> podman2, ...
>
> To maintain backward compatibility guard this feature with a new policy
> capability 'netif_wildcard'.
>
> Netifcon definitions are compared against in the order given by the
> policy, so userspace tools should sort them in a reasonable order.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> v2: add policy capability netif_wildcard
> ---
>  security/selinux/include/policycap.h       |  1 +
>  security/selinux/include/policycap_names.h |  1 +
>  security/selinux/include/security.h        |  8 +++++++-
>  security/selinux/ss/services.c             | 16 +++++++++++++---
>  4 files changed, 22 insertions(+), 4 deletions(-)

Looks good, merged into selinux/dev, thanks!

--
paul-moore.com
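
The ordering point in the commit message, as an added example that is not part of the patch or the kernel source: with first-match lookup, a broad pattern listed before a specific name shadows it, and a specific-first sort restores the intended label. The glob syntax via fnmatch(3), the labels, the sample entries and the "more literal characters first" sort are all assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
/* Constructed netifcon-like entry: name pattern plus a placeholder label. */
struct netif_rule { const char *pattern; const char *label; };
/* Constructed policy in a bad order: "podman*" shadows "podman0". */
static const struct netif_rule sample[] = {
    { "podman*", "podman_any_label" }, { "podman0", "podman0_label" }, { "lo", "lo_label" },
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Specificity heuristic (assumption): count of non-wildcard characters. */
static size_t literal_len(const char *p)
{
    size_t n = 0;
    for (; *p; p++)
        n += (*p != '*' && *p != '?');
    return n;
}

/* Stable insertion sort, most literal characters first. */
static void sort_specific_first(struct netif_rule *r, size_t n)
{
    for (size_t i = 1; i < n; i++) {
        struct netif_rule key = r[i];
        size_t j = i;
        for (; j > 0 && literal_len(r[j - 1].pattern) < literal_len(key.pattern); j--)
            r[j] = r[j - 1];
        r[j] = key;
    }
}

/* First-match lookup over the sample as given (sorted == 0) or specific-first. */
const char *lookup(const char *ifname, int sorted)
{
    struct netif_rule r[NSAMPLE];
    memcpy(r, sample, sizeof(sample));
    if (sorted)
        sort_specific_first(r, NSAMPLE);
    for (size_t i = 0; i < NSAMPLE; i++) /* fnmatch(3) is an assumed matcher */
        if (fnmatch(r[i].pattern, ifname, 0) == 0)
            return r[i].label;
    return "default_label"; /* no entry matched */
}

int main(void)
{
    printf("as given: %s, sorted: %s\n", lookup("podman0", 0), lookup("podman0", 1));
    return 0;
}
```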