Policy Configuration Statements
From SELinux Wiki
policycap
Policy version 22 introduced the policycap statement to allow new capabilities to be enabled or disabled in the kernel via policy in a backward-compatible way. For example, policies that are aware of a new capability can enable the functionality, while older policies continue to use the original functionality. An example is shown in the SELinux Networking Support section using the network_peer_controls capability.
In the 3.14 kernel there are four policy capabilities configured as shown in the SELinux Filesystem section.
The statement definition is:
policycap capability;
Where:
| policycap | The policycap keyword. |
| capability | A single capability identifier that will be enabled for this policy. |
The statement is valid in:
Example:
# This statement enables the network_peer_controls policy capability.
#
policycap network_peer_controls;
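Added example, not part of the wiki page: the shell functions below list the policycap statements in a policy source file and check each one against the state the kernel reports for the loaded policy. The selinuxfs mount point /sys/fs/selinux, the policy_capabilities/<name> layout (one file per capability holding 0 or 1) and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare policycap statements in policy source with the
# capability state reported by the kernel for the loaded policy.
# Assumption: <selinuxfs>/policy_capabilities/<name> holds 0 or 1.

# Print each capability named by a "policycap <name>;" statement in file $1.
# '#' comments are stripped first, so commented-out statements are ignored.
declared_policycaps() {
    sed -e 's/#.*$//' "$1" |
        tr ';' '\n' |
        sed -n 's/^[[:space:]]*policycap[[:space:]][[:space:]]*\([A-Za-z0-9_][A-Za-z0-9_]*\)[[:space:]]*$/\1/p'
}

# Print enabled, disabled or absent for capability $2 under selinuxfs mount $1.
kernel_policycap_state() {
    f="$1/policy_capabilities/$2"
    [ -r "$f" ] || { echo absent; return 0; }
    case "$(cat "$f")" in
        1) echo enabled ;;
        *) echo disabled ;;
    esac
}

# Report every declared capability; return 1 if any is not enabled in the kernel.
audit_policycaps() {
    src="$1"; mnt="${2:-/sys/fs/selinux}"; rc=0
    for cap in $(declared_policycaps "$src"); do
        state=$(kernel_policycap_state "$mnt" "$cap")
        echo "$cap: $state"
        [ "$state" = enabled ] || rc=1
    done
    return $rc
}

# Constructed demo input: a fake selinuxfs tree and a one-statement policy.
demo() {
    d=$(mktemp -d); mkdir -p "$d/fs/policy_capabilities"
    echo 1 > "$d/fs/policy_capabilities/network_peer_controls"
    echo 'policycap network_peer_controls;' > "$d/policy.conf"
    audit_policycaps "$d/policy.conf" "$d/fs"; r=$?
    rm -rf "$d"; return $r
}
demo
```

On a live system, call audit_policycaps with the policy source file alone to check against the default mount point; a nonzero exit means the loaded policy does not match the source being reviewed.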