author | Christian Göttsche <cgzones@googlemail.com> | 2022-03-22 17:53:16 +0100 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2022-03-30 19:40:53 -0700 |
commit | d98a4ace89b3fd18005dbb01775294adcf07aa14 (patch) | |
tree | 00cf86366e8ac3b89f859232bdfcf1bcc717bb40 /policy | |
parent | build.conf: bump policy version in comment (diff) | |
flask: add new kernel security classes
Add new kernel security classes mctp_socket, anon_inode and io_uring.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy')
-rw-r--r-- | policy/flask/access_vectors | 16 | ||||
-rw-r--r-- | policy/flask/security_classes | 5 |
2 files changed, 19 insertions, 2 deletions
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index d464a3de..2219fb19 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -1045,6 +1045,9 @@ class bpf class xdp_socket inherits socket +class mctp_socket +inherits socket + class perf_event { open @@ -1057,6 +1060,15 @@ class perf_event class lockdown { - integrity - confidentiality + integrity + confidentiality +} + +class anon_inode +inherits file + +class io_uring +{ + override_creds + sqpoll } diff --git a/policy/flask/security_classes b/policy/flask/security_classes index e62e4c95..63635789 100644 --- a/policy/flask/security_classes +++ b/policy/flask/security_classes @@ -193,9 +193,14 @@ class process2 class bpf class xdp_socket +class mctp_socket class perf_event class lockdown +class anon_inode + +class io_uring + # FLASK |
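Review bot: `mctp_socket` in the first access_vectors hunk, and `anon_inode` and `io_uring` in the second, are defined without any accompanying allow rules; the diffstat for `policy` lists only the two flask files. Once a class is defined, a kernel that implements the check stops applying the policy's handle_unknown setting and decides by rule lookup instead. On a build with `UNK_PERMS = allow`, this presumably turns previously permitted MCTP socket, anonymous-inode and io_uring operations into denials until domains receive rules. The commit message should say whether those rules arrive in a follow-up, and the change is worth exercising in permissive mode with the resulting AVC denials reviewed before it is enforced.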
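Review bot: The `io_uring` class added in the second access_vectors hunk introduces `override_creds` and `sqpoll` with no comment, and neither name tells a policy author what is being granted. A short comment above the class would help, for example `# override_creds: issue requests under credentials registered with the ring` and `# sqpoll: create the kernel submission-queue polling thread`. The same hunk removes and re-adds `integrity` and `confidentiality` under `lockdown` with identical visible text, presumably a whitespace fix. That change is unrelated to the new classes and would be easier to audit as a separate commit.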
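Review bot: In security_classes, `class mctp_socket` is inserted between `xdp_socket` and `perf_event` rather than appended after `lockdown`, which shifts the class values the policy compiler assigns to `perf_event` and `lockdown`. The kernel and libselinux resolve classes by name, so loading should be unaffected. Anything built against previously generated flask headers, or caching numeric class values, would disagree with the new policy. If the position is deliberate, to mirror the kernel's class order and the matching placement in access_vectors, a line such as `# keep in sync with the order in access_vectors` next to the new entry would record that.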