clean up formatting

Chris PeBenito 2006-03-29 14:51:49 +00:00
parent 41b25f59b9
commit 8e788ed2aa


@ -136,35 +136,26 @@ level s0:c0.c255;
#
# Only files are constrained by MCS at this stage.
#
mlsconstrain file { write setattr append unlink link rename
ioctl lock execute relabelfrom } (h1 dom h2);
mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
( h1 dom h2 );
mlsconstrain file { create relabelto } ((h1 dom h2) and (l2 eq h2));
mlsconstrain file { create relabelto }
(( h1 dom h2 ) and ( l2 eq h2 ));
mlsconstrain file { read } ((h1 dom h2) or ( t2 == domain ) or ( t1 == mlsfileread ));
mlsconstrain file { read }
(( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));
# new file labels must be dominated by the relabeling subject clearance
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
( h1 dom h2 );
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
(( h1 dom h2 ) and ( l2 eq h2 ));
mlsconstrain process { ptrace } ( h1 dom h2 );
mlsconstrain process { ptrace }
( h1 dom h2 );
mlsconstrain process { sigkill sigstop } ( h1 dom h2 ) or
( t1 == mcskillall );
define(`nogetattr_file_perms', `{ create ioctl read lock write setattr append
link unlink rename relabelfrom relabelto }')
define(`nogetattr_dir_perms', `{ create read lock setattr ioctl link unlink
rename search add_name remove_name reparent write rmdir relabelfrom
relabelto }')
# XXX
#
# For some reason, we need to reference the mlsfileread attribute
# or we get a build error. Below is a dummy entry to do this.
mlsconstrain xextension query ( t1 == mlsfileread );
mlsconstrain process { sigkill sigstop }
(( h1 dom h2 ) or ( t1 == mcskillall ));
') dnl end enable_mcs
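Review bot: The `file { read }` constraint keeps two exemptions from the category check, `( t2 == domain )` and `( t1 == mlsfileread )`, with no comment explaining them, and the reformatting pass is a natural place to add one. Something like `# read is also allowed when the target type is a domain or the source type has the mlsfileread attribute` above that statement would tell an auditor the exemptions are deliberate. The header comment `# Only files are constrained by MCS at this stage.` also no longer matches the section, which constrains dir, lnk_file, chr_file, blk_file, sock_file, fifo_file and process as well; `# Files, other file-type objects and processes are constrained by MCS.` would be accurate. The page does not mark which lines are removed, but if the `nogetattr_*_perms` defines and the dummy `mlsconstrain xextension query` entry are dropped here, the commit message should say so, since that is more than formatting.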