diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-12 16:21:00 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-12 16:21:00 -0400 |
| commit | 7f85565a3f7194b966de71926471d69788b6b9c3 (patch) | |
| tree | 95f93ab1d18dc1121cd5ec71309c7e6cb4dedc7b /security/selinux/include/security.h | |
| parent | 680352bda57e3dbf21cddf6a5e23aff7e294fb31 (diff) | |
| parent | 0c3014f22dec0e1d14c8298551bfb6434638bdd9 (diff) | |
Merge tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
"A relatively quiet period for SELinux, 11 patches with only two/three
having any substantive changes.
These noteworthy changes include another tweak to the NNP/nosuid
handling, per-file labeling for cgroups, and an object class fix for
AF_UNIX/SOCK_RAW sockets; the rest of the changes are minor tweaks or
administrative updates (Stephen's email update explains the file
explosion in the diffstat).
Everything passes the selinux-testsuite"
[ Also a couple of small patches from the security tree from Tetsuo
Handa for Tomoyo and LSM cleanup. The separation of security policy
updates wasn't all that clean - Linus ]
* tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: constify nf_hook_ops
selinux: allow per-file labeling for cgroupfs
lsm_audit: update my email address
selinux: update my email address
MAINTAINERS: update the NetLabel and Labeled Networking information
selinux: use GFP_NOWAIT in the AVC kmem_caches
selinux: Generalize support for NNP/nosuid SELinux domain transitions
selinux: genheaders should fail if too many permissions are defined
selinux: update the selinux info in MAINTAINERS
credits: update Paul Moore's info
selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets
tomoyo: Update URLs in Documentation/admin-guide/LSM/tomoyo.rst
LSM: Remove security_task_create() hook.
Diffstat (limited to 'security/selinux/include/security.h')
| -rw-r--r-- | security/selinux/include/security.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index e91f08c16c0b..28dfb2f93e4d 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | /* | 1 | /* |
| 2 | * Security server interface. | 2 | * Security server interface. |
| 3 | * | 3 | * |
| 4 | * Author : Stephen Smalley, <sds@epoch.ncsc.mil> | 4 | * Author : Stephen Smalley, <sds@tycho.nsa.gov> |
| 5 | * | 5 | * |
| 6 | */ | 6 | */ |
| 7 | 7 | ||
| @@ -73,6 +73,7 @@ enum { | |||
| 73 | POLICYDB_CAPABILITY_EXTSOCKCLASS, | 73 | POLICYDB_CAPABILITY_EXTSOCKCLASS, |
| 74 | POLICYDB_CAPABILITY_ALWAYSNETWORK, | 74 | POLICYDB_CAPABILITY_ALWAYSNETWORK, |
| 75 | POLICYDB_CAPABILITY_CGROUPSECLABEL, | 75 | POLICYDB_CAPABILITY_CGROUPSECLABEL, |
| 76 | POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION, | ||
| 76 | __POLICYDB_CAPABILITY_MAX | 77 | __POLICYDB_CAPABILITY_MAX |
| 77 | }; | 78 | }; |
| 78 | #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) | 79 | #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) |
| @@ -84,6 +85,7 @@ extern int selinux_policycap_openperm; | |||
| 84 | extern int selinux_policycap_extsockclass; | 85 | extern int selinux_policycap_extsockclass; |
| 85 | extern int selinux_policycap_alwaysnetwork; | 86 | extern int selinux_policycap_alwaysnetwork; |
| 86 | extern int selinux_policycap_cgroupseclabel; | 87 | extern int selinux_policycap_cgroupseclabel; |
| 88 | extern int selinux_policycap_nnp_nosuid_transition; | ||
| 87 | 89 | ||
| 88 | /* | 90 | /* |
| 89 | * type_datum properties | 91 | * type_datum properties |