[selinux-policy: 7/3172] move assert.te here

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:05:36 UTC 2010


commit 57d236548bc1d1e5e28844166e4b31a6a28369c1
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Apr 18 20:17:25 2005 +0000

    move assert.te here

 refpolicy/policy/modules/kernel/kernel.te |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index b89320e..ba189bf 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -55,6 +55,14 @@ neverallow ~can_load_policy security_t:security load_policy;
 neverallow ~can_setenforce security_t:security setenforce;
 neverallow ~can_setsecparam security_t:security setsecparam;
 
+# enabling dyntransition breaks process tranquility.  If you dont
+# know what this means or dont understand the implications of a
+# dynamic transition, you shouldnt be using it!!!
+neverallow * *:process { setcurrent dyntransition };
+
+attribute can_load_kernmodule;
+neverallow ~can_load_kernmodule *:capability sys_module;
+
 ########################################
 #
 # sysfs_t is the type for /sys
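
Review bot: the added rule "neverallow * *:process { setcurrent dyntransition };" is unconditional, while the neighbouring assertions and the new sys_module one each exempt an attribute (~can_load_policy, ~can_setenforce, ~can_load_kernmodule), so a domain that ever needs a dynamic transition can only get one by editing kernel.te. If the blanket ban is intended, say so in the comment and explain briefly what process tranquility means here in place of the current warning (which also needs apostrophes in "dont" and "shouldnt"); otherwise add an exemption attribute in the same style as the others. The "attribute can_load_kernmodule;" line has no comment saying which domains are expected to carry it. The diffstat shows 8 insertions and 0 deletions, so the removal from assert.te that the subject implies is not in this change; confirm it happens elsewhere so the attribute and assertions are not declared in two places.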

