git.ipfire.org Git - thirdparty/linux.git/commit

Merge tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

- Add support for SELinux based access control of BPF tokens

   We worked with the BPF devs to add the necessary LSM hooks when the
   BPF token code was first introduced, but it took us a bit longer to
   add the SELinux wiring and support.

   In order to preserve existing token-unaware SELinux policies, the new
   code is gated by the new "bpf_token_perms" policy capability.

   Additional details regarding the new permissions, and behaviors can
   be found in the associated commit.

- Remove a BUG() from the SELinux capability code

   We now perform a similar check during compile time so we can safely
   remove the BUG() call.

* tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: drop the BUG() in cred_has_capability()
  selinux: fix a capabilities parsing typo in selinux_bpf_token_capable()
  selinux: add support for BPF token access control
  selinux: move the selinux_blob_sizes struct

author	Linus Torvalds <torvalds@linux-foundation.org>
	Mon, 9 Feb 2026 18:38:05 +0000 (10:38 -0800)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Mon, 9 Feb 2026 18:38:05 +0000 (10:38 -0800)
commit	6252e917b9006dfa2f3d884fe0dbaf3e676c4108
tree	a500d6c22fa67ac198101d142a204a25c7235dff	tree
parent	bcc8fd3e1573c502edc0cb61abea0e113a761799	commit \| diff
parent	ea64aa57d596c4cbe518ffd043c52ef64089708d	commit \| diff