access_vectors: remove incorrect comment about mac_admin
CAP_MAC_ADMIN was originally introduced into the kernel for use
by Smack and not used by SELinux. However, SELinux later appropriated
CAP_MAC_ADMIN as a way to control setting/getting security contexts
unknown to the currently loaded policy for use in labeling filesystems
while running a policy that differs from the one being applied to
the filesystem, in
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12b29f34558b9b45a2c6eabd4f3c6be939a3980f
circa v2.6.27.
Hence, the comment about mac_admin being unused by SELinux is inaccurate.
Remove it.
The corresponding change to refpolicy is:
5fda529636
Test: policy builds
Change-Id: Ie3637882200732e498c53a834a27284da838dfb8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
parent
8943f24f02
commit
871546058d
@ -133,7 +133,7 @@ common cap
|
||||
common cap2
|
||||
{
|
||||
mac_override # unused by SELinux
|
||||
mac_admin # unused by SELinux
|
||||
mac_admin
|
||||
syslog
|
||||
wake_alarm
|
||||
block_suspend
|
||||
|
Loading…
Reference in New Issue
Block a user