Blame policy/policy_capabilities
|
Chris PeBenito |
c07f9cc |
#
|
|
Chris PeBenito |
c07f9cc |
# This file contains the policy capabilites
|
|
Chris PeBenito |
c07f9cc |
# that are enabled in this policy, not a
|
|
Chris PeBenito |
c07f9cc |
# declaration of DAC capabilites such as
|
|
Chris PeBenito |
0b36a21 |
# dac_override.
|
|
Chris PeBenito |
c07f9cc |
#
|
|
Chris PeBenito |
c07f9cc |
# The affected object classes and their
|
|
Chris PeBenito |
c07f9cc |
# permissions should also be listed in
|
|
Chris PeBenito |
c07f9cc |
# the comments for each capability.
|
|
Chris PeBenito |
c07f9cc |
#
|
|
Chris PeBenito |
c07f9cc |
|
|
Chris PeBenito |
c07f9cc |
# Enable additional networking access control for
|
|
Chris PeBenito |
c07f9cc |
# labeled networking peers.
|
|
Chris PeBenito |
c07f9cc |
#
|
|
Chris PeBenito |
c07f9cc |
# Checks enabled:
|
|
Chris PeBenito |
c07f9cc |
# node: sendto recvfrom
|
|
Chris PeBenito |
c07f9cc |
# netif: ingress egress
|
|
Chris PeBenito |
c07f9cc |
# peer: recv
|
|
Chris PeBenito |
c07f9cc |
#
|
|
Chris PeBenito |
7722c29 |
policycap network_peer_controls;
|
|
Chris PeBenito |
c07f9cc |
|
|
Chris PeBenito |
c07f9cc |
# Enable additional access controls for opening
|
|
Chris PeBenito |
c07f9cc |
# a file (and similar objects).
|
|
Chris PeBenito |
c07f9cc |
#
|
|
Chris PeBenito |
c07f9cc |
# Checks enabled:
|
|
Chris PeBenito |
c07f9cc |
# dir: open
|
|
Chris PeBenito |
c07f9cc |
# file: open
|
|
Chris PeBenito |
c07f9cc |
# fifo_file: open
|
|
Chris PeBenito |
9ac9739 |
# sock_file: open
|
|
Chris PeBenito |
c07f9cc |
# chr_file: open
|
|
Chris PeBenito |
c07f9cc |
# blk_file: open
|
|
Chris PeBenito |
c07f9cc |
#
|
|
Chris PeBenito |
0b36a21 |
policycap open_perms;
|