Difference between revisions of "Policy Configuration Statements"
From SELinux Wiki
(New page: = Policy Configuration Statements = == policycap == Policy version 22 introduced the policycap statement to allow new capabilities to be enabled or disabled in the kernel via policy in a ...) |
(→policycap) |
||
Line 36: | Line 36: | ||
|- | |- | ||
− | | <center>[[ConditionalStatements | | + | | <center>[[ConditionalStatements#if | if Statement]]</center> |
| <center>[[PolicyStatements#optional | optional Statement]] </center> | | <center>[[PolicyStatements#optional | optional Statement]] </center> | ||
| <center>[[PolicyStatements#require | require Statement]] </center> | | <center>[[PolicyStatements#require | require Statement]] </center> |
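Review bot: the replacement link in the `if Statement` row now targets the anchor `ConditionalStatements#if`, so confirm that the ConditionalStatements page has a section heading that generates `#if`; a link to a missing anchor does not error, it just opens the page at the top. The new cell also closes with `]]</center>` while the unchanged `optional` and `require` rows use `]] </center>`; match the spacing so the three rows stay consistent.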
Latest revision as of 13:50, 11 December 2014
Policy Configuration Statements
policycap
Policy version 22 introduced the policycap statement to allow new capabilities to be enabled or disabled in the kernel via policy in a backward-compatible way. For example, policies that are aware of a new capability can enable the functionality, while older policies continue to use the original functionality. An example is shown in the SELinux Networking Support section using the network_peer_controls capability.
In the 3.14 kernel there are four policy capabilities configured as shown in the SELinux Filesystem section.
The statement definition is:
policycap capability;
Where:
policycap | The policycap keyword. |
capability | A single capability identifier that will be enabled for this policy. |
The statement is valid in:
Example:
# This statement enables the network_peer_controls policy capability.
#
policycap network_peer_controls;
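An added example (not part of the wiki page or of the SELinux project's code): a Python check that extracts policycap statements from policy source text, treating `#` as a comment to end of line, and compares them with the per-capability files the kernel exposes under /sys/fs/selinux/policy_capabilities. The function names, the sample policy text and the temporary directory standing in for selinuxfs are constructed for this example.

```python
import os
import re
import tempfile

# "policycap capability;" with a single identifier, per the statement definition.
POLICYCAP_RE = re.compile(r"\bpolicycap\s+([A-Za-z_][A-Za-z0-9_]*)\s*;")

def declared_capabilities(policy_source):
    """Capability names enabled by policycap statements in policy source text."""
    names = []
    for line in policy_source.splitlines():
        code = line.split("#", 1)[0]  # '#' comments out the rest of the line
        names.extend(POLICYCAP_RE.findall(code))
    return names

def kernel_capabilities(cap_dir="/sys/fs/selinux/policy_capabilities"):
    """Map name -> enabled, reading one file per capability ('1' or '0')."""
    state = {}
    for name in sorted(os.listdir(cap_dir)):
        with open(os.path.join(cap_dir, name)) as fh:
            state[name] = fh.read().strip() == "1"
    return state

def audit(policy_source, cap_dir="/sys/fs/selinux/policy_capabilities"):
    """Return (mismatches, unknown) between policy source and kernel state."""
    declared = set(declared_capabilities(policy_source))
    state = kernel_capabilities(cap_dir)
    mismatches = sorted(n for n, on in state.items() if on != (n in declared))
    unknown = sorted(declared - set(state))  # kernel exposes no such entry
    return mismatches, unknown

# Constructed sample input: policy text and a stand-in for the selinuxfs directory.
SAMPLE_POLICY = """\
policycap network_peer_controls;
# policycap open_perms;
"""
SAMPLE_KERNEL_STATE = {"network_peer_controls": "1", "open_perms": "1"}

def demo():
    with tempfile.TemporaryDirectory() as cap_dir:
        for name, value in SAMPLE_KERNEL_STATE.items():
            with open(os.path.join(cap_dir, name), "w") as fh:
                fh.write(value)
        return audit(SAMPLE_POLICY, cap_dir)

if __name__ == "__main__":
    print(demo())
```

A mismatch means the policy source being reviewed is not what the running kernel has loaded, or that a policycap line is commented out in the source.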