audit: add netlink audit protocol bind to check capabilities on multicast join Register a netlink per-protocol bind fuction for audit to check userspace process capabilities before allowing a multicast group connection. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 3a101b8de0d39403b2c7e5c23fd0b005668acf48 [log] [tgz]
author: Richard Guy Briggs <rgb@redhat.com> Tue Apr 22 21:31:56 2014 -0400
committer: David S. Miller <davem@davemloft.net> Tue Apr 22 21:42:27 2014 -0400
tree: b7bce9802ac01cfeb96167d3bdc14b90703b9672
parent: 7774d5e03f4a41ec7c1e736acc108f112003bb4a [diff] [blame]
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 14d04e6..be491a7 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h

@@ -147,7 +147,7 @@
 	{ "peer", { "recv", NULL } },
 	{ "capability2",
 	  { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend",
-	    NULL } },
+	    "audit_read", NULL } },
 	{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
 	{ "tun_socket",
 	  { COMMON_SOCK_PERMS, "attach_queue", NULL } },
commit	3a101b8de0d39403b2c7e5c23fd0b005668acf48	[log] [tgz]
author	Richard Guy Briggs <rgb@redhat.com>	Tue Apr 22 21:31:56 2014 -0400
committer	David S. Miller <davem@davemloft.net>	Tue Apr 22 21:42:27 2014 -0400
tree	b7bce9802ac01cfeb96167d3bdc14b90703b9672
parent	7774d5e03f4a41ec7c1e736acc108f112003bb4a [diff] [blame]