diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2017-05-17 11:31:48 -0400 |
---|---|---|
committer | Sven Vermeulen <swift@gentoo.org> | 2017-05-18 19:01:00 +0200 |
commit | 09879cfc8abb8884cd11fe9ee3125e866190e207 (patch) | |
tree | 1b7f0cc5992ee277e80f0f2e6a9d46278c3eab78 /policy/flask/security_classes | |
parent | refpolicy: Define getrlimit permission for class process (diff) | |
download | hardened-refpolicy-09879cfc8abb8884cd11fe9ee3125e866190e207.tar.gz hardened-refpolicy-09879cfc8abb8884cd11fe9ee3125e866190e207.tar.bz2 hardened-refpolicy-09879cfc8abb8884cd11fe9ee3125e866190e207.zip |
refpolicy: Define smc_socket security class
Linux kernel commit da69a5306ab9 ("selinux: support distinctions among all
network address families") triggers a build error if a new address family
is added without defining a corresponding SELinux security class. As a
result, the smc_socket class was added to the kernel to resolve a build
failure as part of merge commit 3051bf36c25d that introduced AF_SMC circa
Linux 4.11. Define this security class and its access vector, note that it
is enabled as part of the extended_socket_class policy capability, and add
it to the socket_class_set macro.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'policy/flask/security_classes')
-rw-r--r-- | policy/flask/security_classes | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/flask/security_classes b/policy/flask/security_classes index 18f18fd8..18c4f974 100644 --- a/policy/flask/security_classes +++ b/policy/flask/security_classes @@ -182,5 +182,6 @@ class nfc_socket class vsock_socket class kcm_socket class qipcrtr_socket +class smc_socket # FLASK |