
[userspace,2/2] libsepol: add support for the new "init" initial SID

Message ID 20230612093107.1066410-3-omosnace@redhat.com (mailing list archive)
State Accepted
Delegated to: Petr Lautrbach
Series Introduce an initial SID for early boot processes | expand

Commit Message

Ondrej Mosnacek June 12, 2023, 9:31 a.m. UTC
Resurrect the naming of the "init" initial SID, as it has been
reintroduced in the kernel. Also add the new "userspace_initial_context"
policy capability that is used to enable the new semantics for this
initial SID.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 libsepol/include/sepol/policydb/polcaps.h | 1 +
 libsepol/src/kernel_to_common.h           | 2 +-
 libsepol/src/polcaps.c                    | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

Patch

diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
index f5e32e60..14bcc6cb 100644
--- a/libsepol/include/sepol/policydb/polcaps.h
+++ b/libsepol/include/sepol/policydb/polcaps.h
@@ -15,6 +15,7 @@  enum {
 	POLICYDB_CAP_NNP_NOSUID_TRANSITION,
 	POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS,
 	POLICYDB_CAP_IOCTL_SKIP_CLOEXEC,
+	POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT,
 	__POLICYDB_CAP_MAX
 };
 #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
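Review bot: The position of `POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT` in this enum is its numeric value, and nothing visible here ties it to the matching entry the same patch adds to `polcap_names` in libsepol/src/polcaps.c; the two lists are kept aligned only by hand and by the trailing comments. If they drift, a capability name would resolve to a different capability's number, so a policy could end up with the wrong capability enabled without any error. A compile-time check next to the table would catch that, for example `_Static_assert(sizeof(polcap_names) / sizeof(polcap_names[0]) == __POLICYDB_CAP_MAX + 1, "polcap_names out of sync with enum");`, assuming the enum starts at 0 and the project builds as C11 or later. Both the enum and the array begin outside the hunks, so an equivalent check may already exist.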
diff --git a/libsepol/src/kernel_to_common.h b/libsepol/src/kernel_to_common.h
index 6073ff3a..5d927a3d 100644
--- a/libsepol/src/kernel_to_common.h
+++ b/libsepol/src/kernel_to_common.h
@@ -20,7 +20,7 @@  static const char * const selinux_sid_to_str[] = {
 	NULL,
 	"file",
 	NULL,
-	NULL,
+	"init",
 	"any_socket",
 	"port",
 	"netif",
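Review bot: The `"init"` entry carries no comment, and in a positional table whose initializer starts outside the hunk that makes the change hard to audit: the reader cannot tell from here which initial SID number the slot corresponds to or why it was `NULL` before. The name is also unconditional, while the commit message says the new semantics are enabled by the `userspace_initial_context` policy capability. I would add a trailing comment such as `"init", /* named again to match the kernel; new semantics only with userspace_initial_context */`. It would also help to state, near the table, how code that walks it treats a policy that defines a context for this SID now that the slot is no longer `NULL`; that cannot be determined from this hunk.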
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
index 687e971c..be12580a 100644
--- a/libsepol/src/polcaps.c
+++ b/libsepol/src/polcaps.c
@@ -14,6 +14,7 @@  static const char * const polcap_names[] = {
 	"nnp_nosuid_transition",	/* POLICYDB_CAP_NNP_NOSUID_TRANSITION */
 	"genfs_seclabel_symlinks",	/* POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS */
 	"ioctl_skip_cloexec",		/* POLICYDB_CAP_IOCTL_SKIP_CLOEXEC */
+	"userspace_initial_context",	/* POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT */
 	NULL
 };