authorRichard Guy Briggs <rgb@redhat.com>2014-04-23 03:31:56 +0200
committerDavid S. Miller <davem@davemloft.net>2014-04-23 03:42:27 +0200
commit3a101b8de0d39403b2c7e5c23fd0b005668acf48 (patch)
treeb7bce9802ac01cfeb96167d3bdc14b90703b9672 /security/selinux
parentnetlink: implement unbind to netlink_setsockopt NETLINK_DROP_MEMBERSHIP (diff)
downloadlinux-3a101b8de0d39403b2c7e5c23fd0b005668acf48.tar.xz
linux-3a101b8de0d39403b2c7e5c23fd0b005668acf48.zip
audit: add netlink audit protocol bind to check capabilities on multicast join
Register a netlink per-protocol bind function for audit to check userspace process capabilities before allowing a multicast group connection. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/include/classmap.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 14d04e63b1f0..be491a74c1ed 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -147,7 +147,7 @@ struct security_class_mapping secclass_map[] = {
{ "peer", { "recv", NULL } },
{ "capability2",
{ "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend",
- NULL } },
+ "audit_read", NULL } },
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
{ "tun_socket",
{ COMMON_SOCK_PERMS, "attach_queue", NULL } },
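Review bot: The new `"audit_read"` string in the `capability2` list has no comment saying that its position matters, and it looks like it does. The permission names in a class are presumably turned into bit values by index, so this entry has to stay directly after `"block_suspend"` to line up with CAP_AUDIT_READ following CAP_BLOCK_SUSPEND in the capability numbering (that header is outside this path-limited diff, so confirm against it). I would add a comment above the class such as `/* capability2: order must follow the CAP_* numbering starting at 32; append only */`. It is also worth stating in the commit message that policies built before this change do not define `audit_read`, so whether an audit multicast join is allowed or denied under SELinux will depend on the loaded policy's unknown-permission handling until policy is updated. The `secclass_map[]` initializer starts and ends outside the hunk.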