tree e3a0d5a2e9f81c0790f9988c5190ead111dd6319
parent 31fcd66d39e2be5e94d07ee8c2445efdab6cf230
author Stephen Smalley <sds@tycho.nsa.gov> 1480608486 -0500
committer Stephen Smalley <sds@tycho.nsa.gov> 1481206637 -0500

libsepol: Define extended_socket_class policy capability

Define the extended_socket_class policy capability used to enable
the use of separate socket security classes for all network address
families rather than the generic socket class. This also enables
separate security classes for ICMP and SCTP sockets, which were previously
mapped to the rawip_socket class.

The legacy redhat1 policy capability that was only ever used in testing
within Fedora for ptrace_child is reclaimed for this purpose; as far as
I can tell, this policy capability is not enabled in any supported distro
policy.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
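
Added example, not part of the commit and not libsepol or kernel source: a simplified C model of the class change the message describes for ICMP and SCTP sockets, useful when auditing which rawip_socket rules a policy must duplicate before declaring the capability. The helper names are hypothetical, and the type/protocol conditions are an assumption modeled on the Linux kernel's socket-to-class mapping; only AF_INET and AF_INET6 are covered.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical helper. extsockclass is 1 when the loaded policy declares
 * extended_socket_class, 0 otherwise. Returns NULL outside AF_INET/AF_INET6. */
const char *sock_class(int family, int type, int protocol, int extsockclass)
{
    if (family != AF_INET && family != AF_INET6)
        return NULL;                      /* not modeled here */
    switch (type) {
    case SOCK_STREAM:
    case SOCK_SEQPACKET:
        if (protocol == 0 || protocol == IPPROTO_TCP)
            return "tcp_socket";
        if (extsockclass && protocol == IPPROTO_SCTP)
            return "sctp_socket";         /* new class */
        return "rawip_socket";            /* legacy fallback */
    case SOCK_DGRAM:
        if (protocol == 0 || protocol == IPPROTO_UDP)
            return "udp_socket";
        if (extsockclass &&
            (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6))
            return "icmp_socket";         /* new class (ping sockets) */
        return "rawip_socket";
    default:
        return "rawip_socket";            /* SOCK_RAW stays rawip_socket */
    }
}

/* 1 if enabling the capability moves this socket to a different class,
 * i.e. existing rawip_socket allow rules stop covering it. */
int class_changes(int family, int type, int protocol)
{
    const char *off = sock_class(family, type, protocol, 0);
    const char *on = sock_class(family, type, protocol, 1);
    return off && on && strcmp(off, on) != 0;
}

int main(void)
{
    printf("ping  (DGRAM, ICMP): %s -> %s\n",
           sock_class(AF_INET, SOCK_DGRAM, IPPROTO_ICMP, 0),
           sock_class(AF_INET, SOCK_DGRAM, IPPROTO_ICMP, 1));
    printf("sctp  (SEQPACKET):   %s -> %s\n",
           sock_class(AF_INET, SOCK_SEQPACKET, IPPROTO_SCTP, 0),
           sock_class(AF_INET, SOCK_SEQPACKET, IPPROTO_SCTP, 1));
    printf("raw   (RAW, ICMP):   changes=%d\n",
           class_changes(AF_INET, SOCK_RAW, IPPROTO_ICMP));
    return 0;
}
```

In this model a raw ICMP socket keeps the rawip_socket class either way, so only datagram ICMP and SCTP sockets need new allow rules when the capability is declared.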
