-----BEGIN PGP SIGNATURE-----
iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmmCup0UHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQ6iDy2pc3iXOjcA//QpH/SmY+U5kdyQcu7ZDclcLJoJMM
LFMeYEDmIOWh29K4fP7BqTH3c2qZMrEpcudHrkMWwO05Nae1L8Tusc2Gq91DpWTq
JxCntZYEaamoh4KMrsXhC/43MoMCIr/aWgPwrSVwXD2/nqd12fWdnATDZCUuLZPa
KcWKADEgjD4fCgIhQLNVo0jbLKw3Ulnmm0qo4MR+Lw2L/JfOIOJUYIwh9SEIQxwh
xJfUFUUNKZE7TggBH5V2t5LHWQCJmUmFDKuRFlykr0owOej3Cz+0XEszFFffbrQ6
0Xspr0wMygpaNnM4DTRU/1nwRXINY9Z00fGpI1tDGR30IcEOv1Ub88mQIPnF0WvI
E3XTCFjh0tQK5i6xH96yZzEK28wkEZ7MFSBui4UoKuaFdxwN25k61BG42+Q3bcSH
zyRK7GOoii+iqCRDRTS+rAb2yOq2eWOP2h6mnIcviZtGqs8+t2/sVAE3Uv9GGMIb
2U7IDv5TljYbVXbmXBtBe7bw6N/rPI9RdQFz1vOV1cEkvljXCehfTVcKdcf8oC0M
mW0wienlxbawXK/DuS5Sv287U2GehiUaT5JvyWbleZ4yVIo15uPgVSVhk5r4lECX
GHEEOrvP/eNBVb7J7s++cZprNVOudC4I3kTUnacqTJKaJE3uNDQYdR8z9B/05/rB
djI3gsNh+XjMYcU=
=eiWJ
-----END PGP SIGNATURE-----
Merge tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
- Add support for SELinux based access control of BPF tokens
We worked with the BPF devs to add the necessary LSM hooks when the
BPF token code was first introduced, but it took us a bit longer to
add the SELinux wiring and support.
In order to preserve existing token-unaware SELinux policies, the new
code is gated by the new "bpf_token_perms" policy capability.
Additional details regarding the new permissions, and behaviors can
be found in the associated commit.
- Remove a BUG() from the SELinux capability code
We now perform a similar check during compile time so we can safely
remove the BUG() call.
* tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: drop the BUG() in cred_has_capability()
selinux: fix a capabilities parsing typo in selinux_bpf_token_capable()
selinux: add support for BPF token access control
selinux: move the selinux_blob_sizes struct
6252e917b9