linux/security/selinux/ss
Stephen Smalley 4dc2fce342 selinux: log policy capability state when a policy is loaded
Log the state of SELinux policy capabilities when a policy is loaded.
For each policy capability known to the kernel, log the policy capability
name and the value set in the policy.  For policy capabilities that are
set in the loaded policy but unknown to the kernel, log the policy
capability index, since this is the only information presently available
in the policy.

Sample output with a policy created with a new capability defined
that is not known to the kernel:
SELinux:  policy capability network_peer_controls=1
SELinux:  policy capability open_perms=1
SELinux:  policy capability extended_socket_class=1
SELinux:  policy capability always_check_network=0
SELinux:  policy capability cgroup_seclabel=0
SELinux:  unknown policy capability 5

Resolves: https://github.com/SELinuxProject/selinux-kernel/issues/32

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2017-05-23 10:23:50 -04:00
avtab.c selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
avtab.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
conditional.c selinux: Improve size determinations in four functions 2017-03-23 16:29:02 -04:00
conditional.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
constraint.h SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
context.h SELinux: allow default source/target selectors for user/role/range 2012-04-09 12:22:47 -04:00
ebitmap.c lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
ebitmap.h netlabel: shorter names for the NetLabel catmap funcs/structs 2014-08-01 11:17:37 -04:00
hashtab.c selinux: Adjust four checks for null pointers 2017-03-23 16:36:38 -04:00
hashtab.h SELinux: hashtab.h whitespace, syntax, and other cleanups 2008-04-28 09:29:04 +10:00
mls_types.h SELinux: Reduce overhead of mls_level_isvalid() function call 2013-07-25 13:02:18 -04:00
mls.c selinux: reconcile security_netlbl_secattr_to_sid() and mls_import_netlbl_cat() 2015-04-06 20:15:55 -04:00
mls.h doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
policydb.c selinux: Return directly after a failed memory allocation in policydb_index() 2017-05-23 10:23:12 -04:00
policydb.h SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
services.c selinux: log policy capability state when a policy is loaded 2017-05-23 10:23:50 -04:00
services.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
sidtab.c selinux: Return an error code only as a constant in sidtab_insert() 2017-05-23 10:23:17 -04:00
sidtab.h selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
status.c selinux: fix up style problem on /selinux/status 2010-10-21 10:12:41 +11:00
symtab.c selinux: fix error codes in symtab_init() 2010-08-02 15:35:04 +10:00
symtab.h