Blame policy/policy_capabilities
|
Chris PeBenito |
c07f9c |
#
|
|
Chris PeBenito |
c07f9c |
# This file contains the policy capabilities
|
|
Chris PeBenito |
c07f9c |
# that are enabled in this policy, not a
|
|
Chris PeBenito |
c07f9c |
# declaration of DAC capabilities such as
|
|
Chris PeBenito |
0b36a2 |
# dac_override.
|
|
Chris PeBenito |
c07f9c |
#
|
|
Chris PeBenito |
c07f9c |
# The affected object classes and their
|
|
Chris PeBenito |
c07f9c |
# permissions should also be listed in
|
|
Chris PeBenito |
c07f9c |
# the comments for each capability.
|
|
Chris PeBenito |
c07f9c |
#
|
|
Chris PeBenito |
c07f9c |
|
|
Chris PeBenito |
c07f9c |
# Enable additional networking access control for
|
|
Chris PeBenito |
c07f9c |
# labeled networking peers.
|
|
Chris PeBenito |
c07f9c |
#
|
|
Chris PeBenito |
c07f9c |
# Checks enabled:
|
|
Chris PeBenito |
c07f9c |
# node: sendto recvfrom
|
|
Chris PeBenito |
c07f9c |
# netif: ingress egress
|
|
Chris PeBenito |
c07f9c |
# peer: recv
|
|
Chris PeBenito |
c07f9c |
#
|
|
Chris PeBenito |
7722c2 |
policycap network_peer_controls;	# turns on the node, netif and peer checks listed above; domains using labeled networking need matching allow rules for them
|
|
Chris PeBenito |
c07f9c |
|
|
Chris PeBenito |
c07f9c |
# Enable additional access controls for opening
|
|
Chris PeBenito |
c07f9c |
# a file (and similar objects).
|
|
Chris PeBenito |
c07f9c |
#
|
|
Chris PeBenito |
c07f9c |
# Checks enabled:
|
|
Chris PeBenito |
c07f9c |
# dir: open
|
|
Chris PeBenito |
c07f9c |
# file: open
|
|
Chris PeBenito |
c07f9c |
# fifo_file: open
|
|
Chris PeBenito |
c07f9c |
# chr_file: open
|
|
Chris PeBenito |
c07f9c |
# blk_file: open
|
|
Chris PeBenito |
c07f9c |
#
|
|
Chris PeBenito |
0b36a2 |
policycap open_perms;	# open is checked as its own permission on the classes listed above, in addition to read/write; rules must grant it explicitly
|