[RFC,0/3] Add policy capability for systemd overhaul

Message

Christian Göttsche Jan. 10, 2020, 2:15 p.m. UTC

Support a SELinux overhaul of systemd by adding a policy capability and
adding a library method to obtain a current state of a policy
capability.

The systemd patch can be found at
https://github.com/systemd/systemd/pull/10023
and has NOT yet been accepted.

This is just a rfc to test the water.

Christian Göttsche (3):
  libsepol: add policy capability for systemd overhaul
  libselinux: add security_is_policy_capabilty_enabled()
  libselinux: add policy capability test binary

 libselinux/include/selinux/selinux.h          |  3 +
 .../security_is_policy_capability_enabled.3   | 27 ++++++++
 libselinux/src/polcap.c                       | 64 +++++++++++++++++++
 libselinux/src/selinux_internal.h             |  1 +
 libselinux/src/selinuxswig_python_exception.i |  9 +++
 libselinux/utils/.gitignore                   |  1 +
 libselinux/utils/polcap_enabled.c             | 30 +++++++++
 libsepol/include/sepol/policydb/polcaps.h     |  1 +
 libsepol/src/polcaps.c                        |  1 +
 9 files changed, 137 insertions(+)
 create mode 100644 libselinux/man/man3/security_is_policy_capability_enabled.3
 create mode 100644 libselinux/src/polcap.c
 create mode 100644 libselinux/utils/polcap_enabled.c