commit: 5b8d41a56f311e6238010a2b2d42480f904eefb6 Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com> AuthorDate: Tue Jan 27 22:25:36 2015 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Sun Feb 15 17:36:25 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=5b8d41a5
Add always_check_network policy capability. Disabled by default, as most systems don't want/need this.
---
 policy/policy_capabilities | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/policy/policy_capabilities b/policy/policy_capabilities
index db3cbca..70a4311 100644
--- a/policy/policy_capabilities
+++ b/policy/policy_capabilities
@@ -31,3 +31,13 @@ policycap network_peer_controls;
 # blk_file: open
 #
 policycap open_perms;
+
+# Always enforce network access controls, even
+# if labeling is not configured for them.
+# Available in kernel 3.13+
+#
+# Checks enabled:
+# packet: send recv
+# peer: recv
+#
+# policycap always_check_network;
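Review bot: The new comment block above `policycap always_check_network;` lists the checks (`packet: send recv`, `peer: recv`) but does not say what they are evaluated against when no labeling is configured, which is what an administrator needs to know before uncommenting the line. As far as I know, with the capability on the kernel applies these checks to traffic carrying the default unlabeled context, so a policy without matching allow rules for that type would likely see network traffic denied in enforcing mode. I would add `# With no SECMARK or peer labeling rules loaded, traffic is checked` and `# against the unlabeled type; allow rules for it must exist first.` after the "Available in kernel 3.13+" line. It would also help to note in the file that the final line is commented out on purpose, since the "disabled by default" rationale appears only in the commit message.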