]>
Commit | Line | Data |
---|---|---|
c07f9ccd CP |
1 | # |
2 | # This file contains the policy capabilites | |
3 | # that are enabled in this policy, not a | |
4 | # declaration of DAC capabilites such as | |
0b36a214 | 5 | # dac_override. |
c07f9ccd CP |
6 | # |
7 | # The affected object classes and their | |
8 | # permissions should also be listed in | |
9 | # the comments for each capability. | |
10 | # | |
11 | ||
12 | # Enable additional networking access control for | |
13 | # labeled networking peers. | |
14 | # | |
15 | # Checks enabled: | |
16 | # node: sendto recvfrom | |
17 | # netif: ingress egress | |
18 | # peer: recv | |
19 | # | |
7722c29e | 20 | policycap network_peer_controls; |
c07f9ccd CP |
21 | |
22 | # Enable additional access controls for opening | |
23 | # a file (and similar objects). | |
24 | # | |
25 | # Checks enabled: | |
26 | # dir: open | |
27 | # file: open | |
c07f9ccd | 28 | # fifo_file: open |
9ac97390 | 29 | # sock_file: open |
c07f9ccd CP |
30 | # chr_file: open |
31 | # blk_file: open | |
32 | # | |
0b36a214 | 33 | policycap open_perms; |