clean up formatting
parent
41b25f59b9
commit
8e788ed2aa
@ -136,35 +136,26 @@ level s0:c0.c255;
|
||||
#
|
||||
# Only files are constrained by MCS at this stage.
|
||||
#
|
||||
mlsconstrain file { write setattr append unlink link rename
|
||||
ioctl lock execute relabelfrom } (h1 dom h2);
|
||||
mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain file { create relabelto } ((h1 dom h2) and (l2 eq h2));
|
||||
mlsconstrain file { create relabelto }
|
||||
(( h1 dom h2 ) and ( l2 eq h2 ));
|
||||
|
||||
mlsconstrain file { read } ((h1 dom h2) or ( t2 == domain ) or ( t1 == mlsfileread ));
|
||||
mlsconstrain file { read }
|
||||
(( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));
|
||||
|
||||
# new file labels must be dominated by the relabeling subject clearance
|
||||
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
|
||||
(( h1 dom h2 ) and ( l2 eq h2 ));
|
||||
|
||||
mlsconstrain process { ptrace } ( h1 dom h2 );
|
||||
mlsconstrain process { ptrace }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain process { sigkill sigstop } ( h1 dom h2 ) or
|
||||
( t1 == mcskillall );
|
||||
|
||||
define(`nogetattr_file_perms', `{ create ioctl read lock write setattr append
|
||||
link unlink rename relabelfrom relabelto }')
|
||||
|
||||
define(`nogetattr_dir_perms', `{ create read lock setattr ioctl link unlink
|
||||
rename search add_name remove_name reparent write rmdir relabelfrom
|
||||
relabelto }')
|
||||
|
||||
# XXX
|
||||
#
|
||||
# For some reason, we need to reference the mlsfileread attribute
|
||||
# or we get a build error. Below is a dummy entry to do this.
|
||||
mlsconstrain xextension query ( t1 == mlsfileread );
|
||||
mlsconstrain process { sigkill sigstop }
|
||||
(( h1 dom h2 ) or ( t1 == mcskillall ));
|
||||
|
||||
') dnl end enable_mcs
|
||||
|
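Review bot: The header comment `# Only files are constrained by MCS at this stage.` at the top of this hunk no longer matches the constraints below it, which also cover `dir lnk_file chr_file blk_file sock_file fifo_file` (create/relabelfrom/relabelto) and `process` (ptrace, sigkill, sigstop). I would reword it along the lines of `# MCS constrains file access, creation/relabeling of other file-like objects, and process ptrace/sigkill/sigstop.` The category-dominance exemptions `( t2 == domain )` and `( t1 == mlsfileread )` on `file { read }`, and `( t1 == mcskillall )` on the signal constraint, each deserve a one-line comment saying which subjects are meant to bypass `h1 dom h2`, so an audit can check the attribute membership against that intent. The page has lost its +/- markers, but it looks as if the commit also drops the `nogetattr_file_perms`/`nogetattr_dir_perms` defines and the dummy `mlsconstrain xextension query` entry, and adds outer parentheses around the sigkill/sigstop expression. If so, that is more than formatting: the commit message should say it, and it is worth confirming that nothing else still expands those macros.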