blob: db3cbca45dd4aef0d7d58e8acdcec5bf81ac24da (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
#
# This file contains the policy capabilites
# that are enabled in this policy, not a
# declaration of DAC capabilites such as
# dac_override.
#
# The affected object classes and their
# permissions should also be listed in
# the comments for each capability.
#
# Enable additional networking access control for
# labeled networking peers.
#
# Checks enabled:
# node: sendto recvfrom
# netif: ingress egress
# peer: recv
#
policycap network_peer_controls;
# Enable additional access controls for opening
# a file (and similar objects).
#
# Checks enabled:
# dir: open
# file: open
# fifo_file: open
# sock_file: open
# chr_file: open
# blk_file: open
#
policycap open_perms;
|