commit:     59fbd794b1a1f811362f732f41fcb6ddf1fc2236
Author:     Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Sat Aug 30 16:56:00 2025 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Sep 2 22:07:41 2025 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=59fbd794
policy_capabilities: add netif_wildcard and genfs_seclabel_wildcard Add definition for the policy capability netif_wildcard, which controls the support for wildcard matching of network interface names. Add definition for the policy capability genfs_seclabel_wildcard, which controls the support for wildcard matching of genfscon paths. Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/policy_capabilities | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/policy/policy_capabilities b/policy/policy_capabilities index 73b52998d..39d6439fb 100644 --- a/policy/policy_capabilities +++ b/policy/policy_capabilities @@ -138,3 +138,17 @@ policycap nnp_nosuid_transition; # netlink_xfrm_socket: nlmsg_read nlmsg_write # netlink_audit_socket: nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit #policycap netlink_xperm; + +# Enable wildcard matching for network interface names. +# Requires libsepol 3.9+ and kernel 6.15+. +# +# Added checks: +# (none) +#policycap netif_wildcard; + +# Enable wildcard matching for genfscon paths. +# Requires libsepol 3.9+ and kernel 6.16+. +# +# Added checks: +# (none) +#policycap genfs_seclabel_wildcard;
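Review bot: the comment blocks above `#policycap netif_wildcard;` and `#policycap genfs_seclabel_wildcard;` never say that the statements are deliberately left commented out, and they do not describe what changes when a capability is turned on. With "Added checks: (none)" a reader learns only the libsepol and kernel minimums. Suggest adding one line to each block stating that the capability ships disabled and should be uncommented only when both stated minimums (libsepol 3.9+ with kernel 6.15+ for netif_wildcard, kernel 6.16+ for genfs_seclabel_wildcard) are met on every target system, plus one line saying how existing network interface name and genfscon path entries are matched once it is enabled, so that a policy maintainer can review those entries before flipping it. The commit message could also say explicitly that both capabilities stay disabled by this change.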
