From b07b6f0c5d27fafb12ae98d889ae944d308fe9f6 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Wed, 14 Jan 2026 16:00:14 -0500 Subject: [PATCH] selinux: fix a capabilities parsing typo in selinux_bpf_token_capable() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit There was a typo, likely a cut-n-paste bug, where we were checking for SECCLASS_CAPABILITY instead of SECCLASS_CAPABILITY2. Fixes: 5473a722f782 ("selinux: add support for BPF token access control") Reported-by: Christian Göttsche Signed-off-by: Paul Moore --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c7c19ceeeb2f1..9289ed89a8ec8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7260,7 +7260,7 @@ static int selinux_bpf_token_capable(const struct bpf_token *token, int cap) sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS; break; case 1: - sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP2_USERNS; + sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS; break; default: pr_err("SELinux: out of range capability %d\n", cap); -- 2.47.3