Enable cgroup_seclabel and nnp_nosuid_transition.

author: Chris PeBenito <pebenito@ieee.org> 2018-01-16 18:52:39 -0500
committer: Sven Vermeulen <swift@gentoo.org> 2018-01-18 17:31:50 +0100
commit: a8daf242da364dcdc2f3a678daca42160d579c67 (patch)
tree: 111c7dbe0b195a6851349ccafa1c0ae47deeec05
parent: Update Changelog and VERSION for release. (diff)
download: hardened-refpolicy-a8daf242da364dcdc2f3a678daca42160d579c67.tar.gz
hardened-refpolicy-a8daf242da364dcdc2f3a678daca42160d579c67.tar.bz2
hardened-refpolicy-a8daf242da364dcdc2f3a678daca42160d579c67.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/policy/policy_capabilities b/policy/policy_capabilities
index a6987a44d..206cdda9b 100644
--- a/policy/policy_capabilities
+++ b/policy/policy_capabilities
@@ -89,12 +89,12 @@ policycap extended_socket_class;
 #
 # Added checks:
 # (none)
-#policycap cgroup_seclabel;
+policycap cgroup_seclabel;
 
 # Enable NoNewPrivileges support.  Requires libsepol 2.7+
-# and kernel 4.14 (estimated).
+# and kernel 4.14.
 #
 # Checks enabled;
 # process2: nnp_transition, nosuid_transition
 #
-#policycap nnp_nosuid_transition;
+policycap nnp_nosuid_transition;
author	Chris PeBenito <pebenito@ieee.org>	2018-01-16 18:52:39 -0500
committer	Sven Vermeulen <swift@gentoo.org>	2018-01-18 17:31:50 +0100
commit	a8daf242da364dcdc2f3a678daca42160d579c67 (patch)
tree	111c7dbe0b195a6851349ccafa1c0ae47deeec05
parent	Update Changelog and VERSION for release. (diff)
download	hardened-refpolicy-a8daf242da364dcdc2f3a678daca42160d579c67.tar.gz hardened-refpolicy-a8daf242da364dcdc2f3a678daca42160d579c67.tar.bz2 hardened-refpolicy-a8daf242da364dcdc2f3a678daca42160d579c67.zip