1# Enable new networking controls. 2policycap network_peer_controls; 3 4# Enable open permission check. 5policycap open_perms; 6 7# Enable separate security classes for 8# all network address families previously 9# mapped to the socket class and for 10# ICMP and SCTP sockets previously mapped 11# to the rawip_socket class. 12policycap extended_socket_class; 13 14# Enable NoNewPrivileges support. Requires libsepol 2.7+ 15# and kernel 4.14 (estimated). 16# 17# Checks enabled; 18# process2: nnp_transition, nosuid_transition 19# 20policycap nnp_nosuid_transition; 21