| author | Christian Göttsche <cgzones@googlemail.com> | 2025-03-02 16:40:45 +0100 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2025-03-07 15:11:10 -0500 |
| commit | 8af43b61c17e9a18b06fd6ab26370543f21eb4e4 (patch) | |
| tree | f620c28b45f540f01d9870b62a580436dc11d04e /security/selinux/include/policycap.h | |
| parent | selinux: Chain up tool resolving errors in install_policy.sh (diff) | |
selinux: support wildcard network interface names

Add support for wildcard matching of network interface names. This is
useful for auto-generated interfaces, for example podman creates network
interfaces for containers with the naming scheme podman0, podman1,
podman2, ...

To maintain backward compatibility guard this feature with a new policy
capability 'netif_wildcard'.

Netifcon definitions are compared against in the order given by the
policy, so userspace tools should sort them in a reasonable order.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/include/policycap.h')
| -rw-r--r-- | security/selinux/include/policycap.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/include/policycap.h b/security/selinux/include/policycap.h index 079679fe7254..bd402d3fd3ae 100644 --- a/security/selinux/include/policycap.h +++ b/security/selinux/include/policycap.h @@ -15,6 +15,7 @@ enum { POLICYDB_CAP_IOCTL_SKIP_CLOEXEC, POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT, POLICYDB_CAP_NETLINK_XPERM, + POLICYDB_CAP_NETIF_WILDCARD, __POLICYDB_CAP_MAX }; #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1) |
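Review bot: POLICYDB_CAP_NETIF_WILDCARD, added between POLICYDB_CAP_NETLINK_XPERM and __POLICYDB_CAP_MAX, needs a matching 'netif_wildcard' string at the same index in the policy capability name table, and this view is limited to policycap.h, so that pairing cannot be confirmed from the lines shown. Appending at the end of the enum is the right placement, since it keeps the numeric values of the existing capabilities unchanged and lets POLICYDB_CAP_MAX pick up the new entry through __POLICYDB_CAP_MAX. A short comment on the new enumerator saying that it gates wildcard matching of netifcon interface names, and that matching follows policy order, would help readers of this header who do not have the commit message at hand.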
