From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Mon, 9 Feb 2026 18:38:05 +0000 (-0800)
Subject: Merge tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git... 
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6252e917b9006dfa2f3d884fe0dbaf3e676c4108;p=thirdparty%2Fkernel%2Flinux.git

Merge tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

 - Add support for SELinux based access control of BPF tokens

   We worked with the BPF devs to add the necessary LSM hooks when the
   BPF token code was first introduced, but it took us a bit longer to
   add the SELinux wiring and support.

   In order to preserve existing token-unaware SELinux policies, the new
   code is gated by the new "bpf_token_perms" policy capability.

   Additional details regarding the new permissions, and behaviors can
   be found in the associated commit.

 - Remove a BUG() from the SELinux capability code

   We now perform a similar check during compile time so we can safely
   remove the BUG() call.

* tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: drop the BUG() in cred_has_capability()
  selinux: fix a capabilities parsing typo in selinux_bpf_token_capable()
  selinux: add support for BPF token access control
  selinux: move the selinux_blob_sizes struct
---

6252e917b9006dfa2f3d884fe0dbaf3e676c4108