#OUTPUT_POLICY = 18
# Policy Type
-# strict, targeted,
-# strict-mls, targeted-mls,
-# strict-mcs, targeted-mcs
-TYPE = strict
+# standard, mls, mcs
+TYPE = standard
# Policy Name
# If set, this will be used as the policy
# Fedora users should enable redhat.
#DISTRO = redhat
+# Unknown Permissions Handling
+# The behavior for handling permissions defined in the
+# kernel but missing from the policy. The permissions
+# can either be allowed, denied, or the policy loading
+# can be rejected.
+# allow, deny, and reject are current options.
+#UNK_PERMS = deny
+
# Direct admin init
# Setting this will allow sysadm to directly
# run init scripts, instead of requring run_init.
# This is a build option, as role transitions do
# not work in conditional policy.
-DIRECT_INITRC=n
+DIRECT_INITRC = n
+
+# Build monolithic policy. Putting y here
+# will build a monolithic policy.
+MONOLITHIC = n
+
+# User-based access control (UBAC)
+# Enable UBAC for role separations.
+UBAC = y
-# Build monolithic policy. Putting n here
-# will build a loadable module policy.
-MONOLITHIC=y
+# Custom build options. This field enables custom
+# build options. Putting foo here will enable
+# build option blocks named foo. Options should be
+# separated by spaces.
+CUSTOM_BUILDOPT =
# Number of MLS Sensitivities
# The sensitivities will be s0 to s(MLS_SENS-1).
# Dominance will be in increasing numerical order
# with s0 being lowest.
-MLS_SENS=16
+MLS_SENS = 16
# Number of MLS Categories
# The categories will be c0 to c(MLS_CATS-1).
-MLS_CATS=256
+MLS_CATS = 1024
# Number of MCS Categories
# The categories will be c0 to c(MLS_CATS-1).
-MCS_CATS=256
+MCS_CATS = 1024
# Set this to y to only display status messages
# during build.
-QUIET=n
+QUIET = n