From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Wed, 18 Jul 2012 20:42:44 +0000 (-0700)
Subject: Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris... 
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=e2f3b78557ff11f58d836e016900c3210f4fb1c1;p=linux-beck.git

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull SELinux regression fixes from James Morris.

Andrew Morton has a box that hit that open perms problem.

I also renamed the "epollwakeup" selinux name for the new capability to
be "block_suspend", to match the rename done by commit d9914cf66181
("PM: Rename CAP_EPOLLWAKEUP to CAP_BLOCK_SUSPEND").

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  SELinux: do not check open perms if they are not known to policy
  SELinux: include definition of new capabilities
---

e2f3b78557ff11f58d836e016900c3210f4fb1c1
diff --cc security/selinux/include/classmap.h
index b8c53723e09b,0b04fd9e9e3e..df2de54a958d
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@@ -145,7 -145,9 +145,9 @@@ struct security_class_mapping secclass_
  	    "node_bind", "name_connect", NULL } },
  	{ "memprotect", { "mmap_zero", NULL } },
  	{ "peer", { "recv", NULL } },
- 	{ "capability2", { "mac_override", "mac_admin", "syslog", NULL } },
+ 	{ "capability2",
 -	  { "mac_override", "mac_admin", "syslog", "wake_alarm", "epollwakeup",
++	  { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend",
+ 	    NULL } },
  	{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
  	{ "tun_socket",
  	  { COMMON_SOCK_PERMS, NULL } },