Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # Enable new networking controls. |
| 2 | policycap network_peer_controls; |
| 3 | |
| 4 | # Enable open permission check. |
| 5 | policycap open_perms; |
Stephen Smalley | 431bdd9 | 2016-12-08 13:35:27 -0500 | [diff] [blame] | 6 | |
| 7 | # Enable separate security classes for |
| 8 | # all network address families previously |
| 9 | # mapped to the socket class and for |
| 10 | # ICMP and SCTP sockets previously mapped |
| 11 | # to the rawip_socket class. |
| 12 | policycap extended_socket_class; |
| 13 | |
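Nick Kralevich | 1b1d133 | 2018-09-07 10:48:55 -0700 | [diff] [blame^] | 14 | # Enable NoNewPrivileges support. Requires libsepol 2.7+ |
| 15 | # and kernel 4.14 (estimated). |
| 16 | # |
| 17 | # Checks enabled: |
| 18 | # process2: nnp_transition, nosuid_transition |
| 19 | # Granting these lets a domain transition proceed under no_new_privs or from a nosuid mount, respectively, without the new domain being bounded by the old one, so allow them only for specific source/target domain pairs. |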
| 20 | policycap nnp_nosuid_transition; |