diff -uprN libcap-2.02/libcap/include/linux/capability.h libcap-2.02-smack/libcap/include/linux/capability.h
--- libcap-2.02/libcap/include/linux/capability.h 2007-11-10 09:34:04.000000000 -0800
+++ libcap-2.02-smack/libcap/include/linux/capability.h 2007-11-24 13:35:38.000000000 -0800
@@ -314,6 +314,23 @@ typedef struct kernel_cap_struct {
 #define CAP_SETFCAP 31
+/* Override MAC access.
+ The base kernel enforces no MAC policy.
+ An LSM may enforce a MAC policy, and if it does and it chooses
+ to implement capability based overrides of that policy, this is
+ the capability it should use to do so. */
+
+#define CAP_MAC_OVERRIDE 32
+
+/* Allow MAC configuration or state changes.
+ The base kernel requires no MAC configuration.
+ An LSM may enforce a MAC policy, and if it does and it chooses
+ to implement capability based checks on modifications to that
+ policy or the data required to maintain it, this is the
+ capability it should use to do so. */
+
+#define CAP_MAC_ADMIN 33
+
 /*
 * Bit location of each capability (used by user-space library and kernel)
 */
@@ -334,7 +351,8 @@ typedef struct kernel_cap_struct {
 |CAP_TO_MASK(CAP_DAC_OVERRIDE) \
 |CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
 |CAP_TO_MASK(CAP_FOWNER) \
- |CAP_TO_MASK(CAP_FSETID))
+ |CAP_TO_MASK(CAP_FSETID) \
+ |CAP_TO_MASK(CAP_MAC_OVERRIDE))
 #if _LINUX_CAPABILITY_U32S != 2
 # error Fix up hand-coded capability macro initializers
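Review bot: The new values 32 and 33 extend the capability numbering past CAP_SETFCAP, which was the highest value this header knew, so any upper-bound constant derived from it (CAP_LAST_CAP, if this copy of the header defines it, and whatever libcap uses to validate a capability index before setting a bit) has to be moved to CAP_MAC_ADMIN in the same change, or the two new capabilities are rejected or silently dropped by those checks. That definition is not in the hunk, so this is a check to perform rather than a certain defect. If no such bound exists here, a note after `#define CAP_MAC_ADMIN 33`, e.g. `/* highest capability defined in this header; update any bound that tracks it */`, makes the next addition less error-prone.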
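Review bot: `|CAP_TO_MASK(CAP_MAC_OVERRIDE))` is OR'd into a mask whose other members are all capabilities below 32, and the kernel's CAP_TO_MASK folds its argument with `& 31`, so for CAP_MAC_OVERRIDE (32) it evaluates to bit 0, the bit CAP_CHOWN already occupies; if this is the word-0 mask (its name opens before the hunk) the new term is a no-op and CAP_MAC_OVERRIDE never actually enters the file-system capability set, which is exactly the kind of silent mismatch the `#if _LINUX_CAPABILITY_U32S != 2` guard below was written to catch. A bit-32 capability belongs in the second u32 of the hand-coded two-word initializers, e.g. a separate `CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))` supplied as the word-1 element rather than extending this word-0 expression. Whether CAP_TO_MASK in this libcap copy masks with 31 should be confirmed, since its definition is not in the hunk. The macro being extended starts outside the hunk.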