History log of /external/selinux/libsepol/src/polcaps.c
Revision Date Author Comments
01723ac2ce03443e8c89a47c53072dfa6debcb00 06-Jun-2012 Chris PeBenito <cpebenito@tresys.com> libsepol: Add always_check_network policy capability

Currently the packet class in SELinux is not checked if there are no
SECMARK rules in the security or mangle netfilter tables. Similarly, the
peer class is not checked if there is no NetLabel or labeled IPSEC. Some
systems prefer that these classes are always checked, for example, to
protect the system should the netfilter rules fail to load or if the
netfilter rules were maliciously flushed.

Add the always_check_network policy capability which, when enabled, treats
these mechanisms as enabled, even if there are no labeling rules.

Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsepol/src/polcaps.c
7a1e3e1fef1d90832507ecd13d764258ea4fe14c 15-Jun-2012 Eric Paris <eparis@redhat.com> libsepol: reserve policycapability for redhat testing of ptrace child

Red Hat is testing ptrace_child in the wild. Reserve this policy
capability so we don't have conflicts.

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsepol/src/polcaps.c
13cd4c8960688af11ad23b4c946149015c80d549 19-Aug-2008 Joshua Brindle <method@manicmethod.com> initial import from svn trunk revision 2950
/external/selinux/libsepol/src/polcaps.c