# SELinux policy capability declarations.
# Each `policycap` statement below turns on one optional kernel behaviour
# for the policy that includes this file.
# Blame view attribution for the lines shown: Tri Vo, commit bc8dc3a,
# 2019-05-26 13:17:08 -0700.

# Enable new networking controls.
# NOTE(review): as far as the SELinux kernel documentation describes it, this
# capability switches on the peer-labeling checks (peer: recv; netif:
# ingress/egress; node: recvfrom/sendto). Confirm against the target kernel,
# and check that the network rules in the policy are written for these checks.
policycap network_peer_controls;

# Enable open permission check.
# NOTE(review): with this capability the `open` permission is presumably
# checked separately from read/write, so a domain can be allowed to use an
# inherited or passed descriptor without being allowed to open the object by
# path. Rules that grant `open` should be kept as narrow as the read/write
# grants they accompany.
policycap open_perms;

# Enable separate security classes for
# all network address families previously
# mapped to the socket class and for
# ICMP and SCTP sockets previously mapped
# to the rawip_socket class.
# Consequence for rule authors: an allow rule on the generic socket class or
# on rawip_socket does not cover those families once they have their own
# classes; access has to be granted on the specific class.
policycap extended_socket_class;

# Enable NoNewPrivileges support. Requires libsepol 2.7+
# and kernel 4.14 (estimated).
#
# Checks enabled:
# process2: nnp_transition, nosuid_transition
#
# NOTE(review): these two permissions presumably decide whether a domain
# transition may still happen for a process running with no_new_privs or
# executing from a nosuid mount. Every rule granting them deserves review,
# because it is an explicit exception to those restrictions.
policycap nnp_nosuid_transition;