All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH userspace] libsepol: add bpf_token_perms polcap
@ 2025-08-08 18:35 Eric Suen
  0 siblings, 0 replies; only message in thread
From: Eric Suen @ 2025-08-08 18:35 UTC (permalink / raw)
  To: selinux

New policy capability 'bpf_token_perms' required by patch to support SELinux
for BPF token control:
  https://lore.kernel.org/selinux/20250806180149.1995-1-ericsu@linux.microsoft.com/

Signed-off-by: Eric Suen <ericsu@linux.microsoft.com>
---
 libsepol/include/sepol/policydb/polcaps.h | 1 +
 libsepol/src/polcaps.c                    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
index 0835ea21..9868d41a 100644
--- a/libsepol/include/sepol/policydb/polcaps.h
+++ b/libsepol/include/sepol/policydb/polcaps.h
@@ -19,6 +19,7 @@ enum {
 	POLICYDB_CAP_NETLINK_XPERM,
 	POLICYDB_CAP_NETIF_WILDCARD,
 	POLICYDB_CAP_GENFS_SECLABEL_WILDCARD,
+	POLICYDB_CAP_BPF_TOKEN_PERMS,
 	__POLICYDB_CAP_MAX
 };
 #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
index 7ac0ae7c..0cb68fc0 100644
--- a/libsepol/src/polcaps.c
+++ b/libsepol/src/polcaps.c
@@ -18,6 +18,7 @@ static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
 	[POLICYDB_CAP_NETLINK_XPERM]			= "netlink_xperm",
 	[POLICYDB_CAP_NETIF_WILDCARD]			= "netif_wildcard",
 	[POLICYDB_CAP_GENFS_SECLABEL_WILDCARD]		= "genfs_seclabel_wildcard",
+	[POLICYDB_CAP_BPF_TOKEN_PERMS]                  = "bpf_token_perms",
 };
 
 int sepol_polcap_getnum(const char *name)
-- 
2.50.1.windows.1


^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2025-08-08 18:35 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-08 18:35 [PATCH userspace] libsepol: add bpf_token_perms polcap Eric Suen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.