libsepol: add memfd_class capability

tweksteen · stephensmalley · commit 847be2e67ab3 · 2025-09-23T08:52:10.000-04:00
memfd_class was declared upstream in [1]. Add it to the list of known capabilities. [1] https://lore.kernel.org/selinux/20250826031824.1227551-1-tweek@google.com/ Signed-off-by: Thiébaud Weksteen <tweek@google.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
@@ -20,6 +20,7 @@ enum {
 	POLICYDB_CAP_NETIF_WILDCARD,
 	POLICYDB_CAP_GENFS_SECLABEL_WILDCARD,
 	POLICYDB_CAP_FUNCTIONFS_SECLABEL,
+	POLICYDB_CAP_MEMFD_CLASS,
 	__POLICYDB_CAP_MAX
 };
 #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
@@ -19,6 +19,7 @@ static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
 	[POLICYDB_CAP_NETIF_WILDCARD]			= "netif_wildcard",
 	[POLICYDB_CAP_GENFS_SECLABEL_WILDCARD]		= "genfs_seclabel_wildcard",
 	[POLICYDB_CAP_FUNCTIONFS_SECLABEL]		= "functionfs_seclabel",
+	[POLICYDB_CAP_MEMFD_CLASS]			= "memfd_class",
 };
 
 int sepol_polcap_getnum(const char *name)
