#
# This file contains the policy capabilities
# that are enabled in this policy, not a
# declaration of DAC capabilities such as
# dac_override.
#
# The affected object classes and their
# permissions should also be listed in
# the comments for each capability.
#
# Enable additional networking access control for
# labeled networking peers.
#
# Checks enabled:
# node: sendto recvfrom
# netif: ingress egress
# peer: recv
#
# NOTE(review): declaring this capability turns on the node, netif and
# peer checks listed above for this policy, so each of them needs a
# matching allow rule or the labeled traffic is denied in enforcing
# mode -- confirm the networking modules grant them.
policycap network_peer_controls;
# Enable additional access controls for opening
# a file (and similar objects).
#
# Checks enabled:
# dir: open
# file: open
# fifo_file: open
# chr_file: open
# blk_file: open
#
# NOTE(review): declaring this capability makes open a separately
# checked permission on the object classes listed above; rules that
# grant only read or write would presumably no longer be enough to
# open such an object -- confirm the file interfaces grant open.
policycap open_perms;