[people/stevee/selinux-policy.git] / policy / policy_capabilities

#
# This file contains the policy capabilites
# that are enabled in this policy, not a
# declaration of DAC capabilites such as
# dac_override.
#
# The affected object classes and their
# permissions should also be listed in
# the comments for each capability.
#

# Enable additional networking access control for
# labeled networking peers.
#
# Checks enabled:
# node: sendto recvfrom
# netif: ingress egress
# peer: recv
#
policycap network_peer_controls;

# Enable additional access controls for opening
# a file (and similar objects).
#
# Checks enabled:
# dir: open
# file: open
# fifo_file: open
# sock_file: open
# chr_file: open
# blk_file: open
#
policycap open_perms;
Commit	Line	Data
c07f9ccd CP	1	#
	2	# This file contains the policy capabilites
	3	# that are enabled in this policy, not a
	4	# declaration of DAC capabilites such as
0b36a214	5	# dac_override.
c07f9ccd CP	6	#
	7	# The affected object classes and their
	8	# permissions should also be listed in
	9	# the comments for each capability.
	10	#
	11
	12	# Enable additional networking access control for
	13	# labeled networking peers.
	14	#
	15	# Checks enabled:
	16	# node: sendto recvfrom
	17	# netif: ingress egress
	18	# peer: recv
	19	#
7722c29e	20	policycap network_peer_controls;
c07f9ccd CP	21
	22	# Enable additional access controls for opening
	23	# a file (and similar objects).
	24	#
	25	# Checks enabled:
	26	# dir: open
	27	# file: open
c07f9ccd	28	# fifo_file: open
9ac97390	29	# sock_file: open
c07f9ccd CP	30	# chr_file: open
	31	# blk_file: open
	32	#
0b36a214	33	policycap open_perms;