Policy Configuration Statements
From SELinux Wiki
Revision as of 12:54, 11 December 2014 by RichardHaines (Talk | contribs)
policycap
Policy version 22 introduced the policycap statement to allow new capabilities to be enabled or disabled in the kernel via policy in a backward-compatible way. For example, policies that are aware of a new capability can enable the functionality, while older policies continue to use the original functionality. An example is shown in the SELinux Networking Support section using the network_peer_controls capability.
In the 3.14 kernel there are four policy capabilities configured as shown in the SELinux Filesystem section.
The statement definition is:
policycap capability;
Where:
policycap | The policycap keyword. |
capability | A single capability identifier that will be enabled for this policy. |
The statement is valid in:
Example:
# This statement enables the network_peer_controls policy capability.
#
policycap network_peer_controls;
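The following shell functions are an added example, not part of the SELinux Wiki page or the SELinux project's code. They compare the policycap statements declared in a policy source file with what the kernel reports for the loaded policy. Assumptions: selinuxfs is mounted at /sys/fs/selinux and exposes one file per capability under policy_capabilities containing 0 or 1; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare policycap statements in a policy source file with
# the per-capability files selinuxfs exposes for the loaded policy.
# Assumption: selinuxfs is mounted at /sys/fs/selinux.

# Print capability names declared by policycap statements, one per line.
# Text after '#' is a comment, so a commented-out statement is not counted.
declared_policycaps() {
    sed -e 's/#.*$//' "$1" | tr ';' '\n' |
        awk '$1 == "policycap" && NF == 2 { print $2 }'
}

# Kernel view of one capability: enabled (file holds 1), disabled (0),
# or unknown (this kernel has no file for that name).
kernel_policycap_state() {
    if [ ! -r "$1/$2" ]; then
        echo unknown
    elif [ "$(cat "$1/$2")" = 1 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Print "name state" for each declared capability; return non-zero if any
# declared capability is not enabled in the loaded policy.
check_policycaps() {
    capdir=${2:-/sys/fs/selinux/policy_capabilities}
    rc=0
    for cap in $(declared_policycaps "$1"); do
        state=$(kernel_policycap_state "$capdir" "$cap")
        echo "$cap $state"
        [ "$state" = enabled ] || rc=1
    done
    return "$rc"
}

# Constructed sample input: a policy fragment and a stand-in capability dir.
sample=$(mktemp -d)
mkdir "$sample/caps"
printf '%s\n' '# policycap open_perms;' \
    'policycap network_peer_controls;' > "$sample/policy.conf"
echo 1 > "$sample/caps/network_peer_controls"
check_policycaps "$sample/policy.conf" "$sample/caps"
rm -rf "$sample"
```

On a live system, omit the second argument to check_policycaps so it reads the kernel's own directory. A state of unknown means the running kernel does not know the capability the policy source declares.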