search

SELinuxProject / selinux-testsuite

This is the upstream SELinux testsuite which is designed as a basic set of regression tests for the SELinux kernel functionality.
GNU General Public License v2.0
53 stars 43 forks source link

RFE: Add tests for CAP_MAC_ADMIN/mac_admin #21

Closed stephensmalley closed 7 years ago

stephensmalley commented 7 years ago

Add tests for CAP_MAC_ADMIN/mac_admin and its effect on setting/getting security contexts unknown to the currently loaded policy. A process with CAP_MAC_ADMIN + SELinux :capability2 mac_admin permission can set a label that is unknown to the currently loaded policy on a file, and can get that label from the file without having it be remapped to unlabeled_t. Used for livecd creation, building labeled filesystem images on a build host with a different policy, etc. Originally intended to be used by rpm to support setting file labels before installing policy modules from packages but not presently used AFAIK.

stephensmalley commented 7 years ago

Resolved by e436ed05f87d730357534e3c5a2f814e7f4e8844