Mar 11, 2025 10:42:22 Takaya Saeki <takayas@xxxxxxxxxxxx>:

> Hello, now this patch no longer appends "*" in the kernel space.
> I tested this patch on Debian by creating a modified SELinux policy
> where all genfs rules were followed by a trailing '*' and the new
> genfs_seclabel_wildcard cap was enabled. Both the new policy with the
> capability enabled and Debian's default policy without that policy
> capability made correct labels.
>
>> + bool wildcard = 0;
> I overlooked that this should be `= true`. I can fix it.

Or maybe drop this assignment, since the variable is always assigned later on (and modern compilers are good at warning about uninitialized local variables).

On another point, maybe this feature can be combined under the new policy capability netif_wildcard, to avoid adding two?
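
Review bot: On the quoted `+ bool wildcard = 0;` line, a `bool` is initialized with the integer literal `0`; write `false` or `true` so the intended default is explicit. If the initializer is dropped instead, check that every path assigns `wildcard` before it is read.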