Stephen Smalley <sds@tycho.nsa.gov> wrote:

quoted text
> Make sure that you or Dan submits a policy patch to register these
> classes and permissions in the policy when the kernel patch is queued
> for merge.

Do I just send the attached patch to <selinux@tycho.nsa.gov>?  Or do I need to
make a diff from a point in the tree nearer the root?  Is there anything else
I need to alter whilst I'm at it?

David
---
Index: policy/flask/security_classes
===================================================================
--- policy/flask/security_classes	(revision 2573)
+++ policy/flask/security_classes	(working copy)
@@ -109,4 +109,7 @@
 # network peer labels
 class peer
 
+# kernel services that need to override task security
+class kernel_service
+
 # FLASK
Index: policy/flask/access_vectors
===================================================================
--- policy/flask/access_vectors	(revision 2573)
+++ policy/flask/access_vectors	(working copy)
@@ -736,3 +736,10 @@
 {
 	recv
 }
+
+# kernel services that need to override task security
+class kernel_service
+{
+	use_as_override
+	create_files_as
+}
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/