trunk: add capability2 class, from Stephen Smalley.
This commit is contained in:
Chris PeBenito
parent
7a5e2d8a37
commit
8b9ffed517
@ -1,3 +1,4 @@
|
|||||||
|
- 64-bit capabilities from Stephen Smalley.
|
||||||
- Labeled networking peer object class updates.
|
- Labeled networking peer object class updates.
|
||||||
|
|
||||||
* Fri Dec 14 2007 Chris PeBenito <selinux@tresys.com> - 20071214
|
* Fri Dec 14 2007 Chris PeBenito <selinux@tresys.com> - 20071214
|
||||||
|
|||||||
@ -347,6 +347,7 @@ class system
|
|||||||
class capability
|
class capability
|
||||||
{
|
{
|
||||||
# The capabilities are defined in include/linux/capability.h
|
# The capabilities are defined in include/linux/capability.h
|
||||||
|
# Capabilities >= 32 are defined in the capability2 class.
|
||||||
# Care should be taken to ensure that these are consistent with
|
# Care should be taken to ensure that these are consistent with
|
||||||
# those definitions. (Order matters)
|
# those definitions. (Order matters)
|
||||||
|
|
||||||
@ -384,6 +385,11 @@ class capability
|
|||||||
setfcap
|
setfcap
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class capability2
|
||||||
|
{
|
||||||
|
mac_override # unused by SELinux
|
||||||
|
mac_admin # unused by SELinux
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Define the access vector interpretation for controlling
|
# Define the access vector interpretation for controlling
|
||||||
|
|||||||
@ -109,4 +109,7 @@ class db_blob # userspace
|
|||||||
# network peer labels
|
# network peer labels
|
||||||
class peer
|
class peer
|
||||||
|
|
||||||
|
# Capabilities >= 32
|
||||||
|
class capability2
|
||||||
|
|
||||||
# FLASK
|
# FLASK
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user