149afc688a53839e57ca541dfa1f84c946bb6399 - fp2-dev/platform/external/selinux

commit	149afc688a53839e57ca541dfa1f84c946bb6399	[log] [tgz]
author	Dan Walsh <dwalsh@redhat.com>	Mon Jun 13 13:24:38 2011 -0400
committer	Eric Paris <eparis@redhat.com>	Fri Aug 26 14:28:23 2011 -0400
tree	f5174dea53b41b8c89d6418f1db8eb398e032c47
parent	d6c09608cd6a1c29fa2befd1b9769350f3bdee50 [diff]

policycoreutils: sandbox: add -C option to not drop all capabilities

Some sandbox might want to be able to run a suid app.  Add the -C option
to allow capabilities to stay in the bounding set, and thus be allowed
inside the sandbox.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

policycoreutils/sandbox/sandbox[diff]
policycoreutils/sandbox/sandbox.8[diff]
policycoreutils/sandbox/seunshare.8[diff]
policycoreutils/sandbox/seunshare.c[diff]

4 files changed

tree: f5174dea53b41b8c89d6418f1db8eb398e032c47

checkpolicy/
libselinux/
libsemanage/
libsepol/
policycoreutils/
scripts/
sepolgen/
.gitignore
Makefile