commit: a8daf242da364dcdc2f3a678daca42160d579c67 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Tue Jan 16 23:52:39 2018 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Thu Jan 18 16:31:50 2018 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a8daf242
Enable cgroup_seclabel and nnp_nosuid_transition. policy/policy_capabilities | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/policy/policy_capabilities b/policy/policy_capabilities index a6987a44..206cdda9 100644 --- a/policy/policy_capabilities +++ b/policy/policy_capabilities @@ -89,12 +89,12 @@ policycap extended_socket_class; # # Added checks: # (none) -#policycap cgroup_seclabel; +policycap cgroup_seclabel; # Enable NoNewPrivileges support. Requires libsepol 2.7+ -# and kernel 4.14 (estimated). +# and kernel 4.14. # # Checks enabled; # process2: nnp_transition, nosuid_transition # -#policycap nnp_nosuid_transition; +policycap nnp_nosuid_transition;
