diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2014-04-23 03:31:56 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-04-23 03:42:27 +0200 |
commit | 3a101b8de0d39403b2c7e5c23fd0b005668acf48 (patch) | |
tree | b7bce9802ac01cfeb96167d3bdc14b90703b9672 /security/selinux | |
parent | netlink: implement unbind to netlink_setsockopt NETLINK_DROP_MEMBERSHIP (diff) | |
download | linux-3a101b8de0d39403b2c7e5c23fd0b005668acf48.tar.xz linux-3a101b8de0d39403b2c7e5c23fd0b005668acf48.zip |
audit: add netlink audit protocol bind to check capabilities on multicast join
Register a netlink per-protocol bind fuction for audit to check userspace
process capabilities before allowing a multicast group connection.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/include/classmap.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 14d04e63b1f0..be491a74c1ed 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -147,7 +147,7 @@ struct security_class_mapping secclass_map[] = { { "peer", { "recv", NULL } }, { "capability2", { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend", - NULL } }, + "audit_read", NULL } }, { "kernel_service", { "use_as_override", "create_files_as", NULL } }, { "tun_socket", { COMMON_SOCK_PERMS, "attach_queue", NULL } }, |