authorAndrew Perepechko <anserper@ya.ru>2015-12-24 11:09:41 -0500
committerPaul Moore <pmoore@redhat.com>2015-12-24 11:09:41 -0500
commitf9df6458218f4fe8a1c3bf0af89c1fa9eaf0db39 (patch)
treebed3081497a3b7a628fe77f919514e01650d4d8a /security/selinux/include/classmap.h
parentgfs2: Invalid security labels of inodes when they go invalid (diff)
selinux: export validatetrans decisions
Make validatetrans decisions available through selinuxfs. "/validatetrans" is added to selinuxfs for this purpose. This functionality is needed by file system servers implemented in userspace or kernelspace without the VFS layer. Writing "$oldcontext $newcontext $tclass $taskcontext" to /validatetrans is expected to return 0 if the transition is allowed and -EPERM otherwise. Signed-off-by: Andrew Perepechko <anserper@ya.ru> CC: andrew.perepechko@seagate.com Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/selinux/include/classmap.h')
-rw-r--r--security/selinux/include/classmap.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 5a4eef59aeff..ef83c4b85a33 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -21,7 +21,7 @@ struct security_class_mapping secclass_map[] = {
{ "compute_av", "compute_create", "compute_member",
"check_context", "load_policy", "compute_relabel",
"compute_user", "setenforce", "setbool", "setsecparam",
- "setcheckreqprot", "read_policy", NULL } },
+ "setcheckreqprot", "read_policy", "validate_trans", NULL } },
{ "process",
{ "fork", "transition", "sigchld", "sigkill",
"sigstop", "signull", "signal", "ptrace", "getsched", "setsched",
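Review bot: Policies built before this commit will not define the `validate_trans` permission added on the `+` line, so access to the new `/validatetrans` node would presumably be decided by the loaded policy's handle_unknown setting rather than by an explicit allow rule. That deserves a sentence in the commit description, or a short comment next to the entry such as `/* validate_trans: gates writes to selinuxfs /validatetrans; absent from older policies */`. The code that checks this permission is not part of this file's diff, so confirm that the selinuxfs write handler tests it before evaluating the caller-supplied contexts and class. Appending the name directly before the `NULL` terminator keeps the order of the existing permission names unchanged. The `secclass_map[]` initializer, including the class-name line for this permission list, starts and ends outside the hunk.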