www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Miklos Szeredi <mszeredi@redhat.com>
	Mon, 24 Feb 2025 15:48:36 +0000 (16:48 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Thu, 27 Feb 2025 08:16:04 +0000 (09:16 +0100)
commit	7d90fb525319d9761a8560bbf8287bcc9789bfec
tree	f9436e169772d8b07138ddd036eff6bd26ccc7f8	tree
parent	33cec19dc022369e02f860150e5dfe32708016dc	commit \| diff

selinux: add FILE__WATCH_MOUNTNS

Watching mount namespaces for changes (mount, umount, move mount) was added
by previous patches.

This patch adds the file/watch_mountns permission that can be applied to
nsfs files (/proc/$$/ns/mnt), making it possible to allow or deny watching
a particular namespace for changes.

Suggested-by: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/all/CAHC9VhTOmCjCSE2H0zwPOmpFopheexVb6jyovz92ZtpKtoVv6A@mail.gmail.com/
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Link: https://lore.kernel.org/r/20250224154836.958915-1-mszeredi@redhat.com
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>

security/selinux/hooks.c		diff \| blob \| history
security/selinux/include/classmap.h		diff \| blob \| history